• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Stuck at Mailserver test

Started by omegatron, June 20, 2010, 05:44:49 AM


omegatron

Hey all, been progressing through the tests slowly, however after waiting 24 hours for any records to update I still can't get the test to recognise my IPv6 available mail server.

This is the error I receive: No MX found for your domain. Failed to get AAAA

The domain I'm testing to is <user>@ipv6.epicwinrar.com

If I do lookups I can see that:
1. the MX record for ipv6.epicwinrar.com pointing to coffee.ipv6.epicwinrar.com
2. there is both an A and AAAA record for coffee.ipv6.epicwinrar.com that can be resolved from he.net's looking glass
3. there is a mailserver accepting email to the account I'm using, which I can send to from any IPv4 server. I don't have a pure IPv6 mail server to test from though; however, I can telnet to the IPv6 IP on port 25 and send a message successfully.

Any ideas on what I'm doing wrong?

tykimus

DNS caching issue. Just wait until it clears up.

patrickdk

It would also definitely help, while testing, to lower your TTL values, so they don't get cached so long if you make a mistake.

jimb

Wonder if there's a way to adjust the negative caching value in BIND or whatever they're using.  Seems to be a somewhat frequent problem.

omegatron

Woohoo, finally updated and sent just now :-)

Now the very next step also fails, tells me I don't have a RDNS record for it.. which is also incorrect as
a) I've had the record setup since before the MX record was there and
b) it's provided by he.net themselves so one would assume they'd be able to see it >.<

External sources also agree: http://www.lookupserver.com/?reverse_dns=2001:470:8402:2::10&submit=Lookup

Oh well, guess I wait another 24 hours and try this one again too :-P

jimb

Odd.  I can see it too.  Also, I never had any of these issues when I did it.  Negative caching?  But then you say the RDNS has been in place a while now.   :-\

All I know is that I was pretty careful to make sure stuff worked before I pushed the "go" button on the cert site.  Usually would verify from both outside and inside my routing domain.

omegatron

Yeah the RDNS entry has been there for about 2 days now and tests fine from here too :-/

I knew it was the next step so set it up at the same time I was arranging glue records and the mail server.

Just tried it again now and it passed, maybe it's a server load problem or something?

omegatron

As a suggestion, it'd make the tests a lot easier if we could see the response the he.net server received rather than just a pass or fail.

This would at least show if it was still seeing old records or nothing :-)

Similarly, I think the dig commands to test things yourself (as listed by broquea: http://www.tunnelbroker.net/forums/index.php?topic=304.0) would be very handy to have listed on the certification test pages (although I see there's some merit to making people figure it out on their own)

snarked

RE: reply #3:  Negative caching is controlled by the last value on the SOA record for the domain in question.  BIND does NOT have a global override value for this function, and I am unaware of any DNS server software that does.

Basically, your domain - your problem.

patrickdk

Yes, the SOA record gives the TTL for negative entries.

I use the powerdns recursor software, and it also lets you override it, I normally use 3600, so it will only cache neg hits for up to an hour for me.
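
The negative-caching rule discussed in this thread, as an added example that is not part of any post: it parses an SOA line in dig's output format and computes how long a resolver may keep a "no such record" answer (per RFC 2308, the smaller of the SOA's own TTL and its last field). The zone name, the sample values and the `resolver_cap` parameter are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# Constructed sample (made-up zone and values): the SOA line a negative
# (NXDOMAIN/NODATA) response carries in its authority section, in dig's format.
SAMPLE = ("example.test. 86400 IN SOA ns1.example.test. "
          "hostmaster.example.test. 2010062001 10800 3600 604800 86400")

class Soa(NamedTuple):
    zone: str
    ttl: int        # TTL of the SOA record itself
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # last SOA field: the negative-caching TTL

def parse_soa(line: str) -> Soa:
    """Parse one single-line SOA record in presentation format."""
    f = line.split()
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError("not a single-line SOA record: %r" % line)
    ttl, serial, refresh, retry, expire, minimum = (
        int(f[i]) for i in (1, 6, 7, 8, 9, 10))
    return Soa(f[0], ttl, serial, refresh, retry, expire, minimum)

def negative_ttl(soa: Soa, resolver_cap: Optional[int] = None) -> int:
    """Seconds a resolver may cache a miss for this zone (RFC 2308):
    min(SOA TTL, SOA MINIMUM), optionally limited by a resolver-side cap
    (hypothetical parameter modelling a local override)."""
    ttl = min(soa.ttl, soa.minimum)
    return ttl if resolver_cap is None else min(ttl, resolver_cap)

def seconds_left(soa: Soa, cached_at: int, now: int,
                 resolver_cap: Optional[int] = None) -> int:
    """Time until a resolver that cached a miss at `cached_at` asks again."""
    return max(0, cached_at + negative_ttl(soa, resolver_cap) - now)

if __name__ == "__main__":
    soa = parse_soa(SAMPLE)
    print("negative TTL:", negative_ttl(soa), "s")
    print("with a 3600 s resolver cap:", negative_ttl(soa, 3600), "s")
    print("left 2 h after the miss:", seconds_left(soa, 0, 7200), "s")
```

With the sample values a lookup made before the record existed stays cached as a miss for a full day, which is why lowering the SOA's last field before testing shortens the wait.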