Reverse DNS for IPv6

Today, Comcast started rejecting my emails for not having a reverse DNS entry. I set up a reverse DNS entry when my Linode was created months ago. In the rejection email from Comcast, they give my IPv6 IP address as the offending IP address.

554 imta05.emeryville.ca.mail.comcast.net comcast 2600:3c03::f03c:91ff:feae:a9fc Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to:

http://postmaster.comcast.net/smtp-error-codes.php#554

I have to assume that in the last couple of days they switched to IPv6 and are now complaining about my IPv6 address. Is that a reasonable assumption?

Is there a way to set the ipv6 reverse DNS?

12 Replies

@hvgriggs:

Today, Comcast started rejecting my emails for not having a reverse DNS entry. I set up a reverse DNS entry when my Linode was created months ago. In the rejection email from Comcast, they give my IPv6 IP address as the offending IP address.

554 imta05.emeryville.ca.mail.comcast.net comcast 2600:3c03::f03c:91ff:feae:a9fc Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to:

http://postmaster.comcast.net/smtp-error-codes.php#554

I have to assume that in the last couple of days they switched to IPv6 and are now complaining about my IPv6 address. Is that a reasonable assumption?

Is there a way to set the ipv6 reverse DNS?

For your Linode IP addresses the process is the same when adding reverse entries whether it's for v4 or v6. Make sure you have the AAAA record (in the case of ipv6) in place for the name you want to use, then proceed to the Remote Access tab, reverse dns, enter the hostname and select whether you want to use it as the reverse name for the address it resolved to.

My DNS is hosted on namesecure.com where I have my domains registered. They do not appear to allow IPv6 DNS entries. So I cannot set up an AAAA record. And that means I cannot set up IPv6 reverse DNS. Is that right?

So I probably need to move my DNS to where I can set up IPv6 AAAA entries.

Without an AAAA record, how is Comcast finding your IPv6 address?

@hvgriggs:

My DNS is hosted on namesecure.com where I have my domains registered. They do not appear to allow IPv6 DNS entries. So I cannot set up an AAAA record. And that means I cannot set up IPv6 reverse DNS. Is that right?

So I probably need to move my DNS to where I can set up IPv6 AAAA entries.

If they really don't allow you to add AAAA records you would have to do something like that.

@dcraig:

Without an AAAA record, how is Comcast finding your IPv6 address?

I presume he is connecting to the Comcast server over ipv6?

I have emailed NameSecure and asked them about IPv6. I'll see what they say.

Alternatively, could I force my Linode back to IPv4 only?

@hvgriggs:

Alternatively, could I force my Linode back to IPv4 only?

You could, either for the whole system or just your mail server software. However, that sounds like the wrong solution.

I understand it is the wrong solution, but right now, my prime concern is to get Comcast to accept my emails. I have to be pragmatic about this.

You didn't say what MTA you're using; the following main.cf settings would apply for Postfix.

When a destination domain has both IPv6 and IPv4 addresses with equal MX preference, smtp_address_preference = ipv4 will cause Postfix to try the v4 address first. Since mx1.comcast.net and mx2.comcast.net have both v4 and v6 addresses, this should solve the problem (for Comcast, anyway).

inet_protocols = ipv4 is a brute-force solution that will tell Postfix to use IPv4 only for all purposes. It means you will be unable to send or receive mail from any IPv6-only domains.

Alternatively, you could set up a firewall rule blocking outgoing traffic to 2001:558:fe14:70::22 and 2001:558:fe2d:70::22. This would prevent IPv6 connections to Comcast's (current) mailservers. I think Postfix would then try connecting via IPv4, but you should test first.

Using sendmail.

As a temporary measure, I have stopped IPv6 on Slackware on my Linode, and now my emails to Comcast are going through.

I will persevere with my DNS requests with Namesecure. If they cannot help me, I will move my DNS hosting. Eventually I will get DNS set up with AAAA records, and then I will turn IPv6 back on in my Linode.

"Remote Access tab, reverse dns, enter the hostname and select whether you want to use it as the reverse name for the address it resolved to."

When I click "reverse dns", the only IP I can change is my ipv4 address; I need to change the ipv6 address, thanks.

@katsklaw:

"Remote Access tab, reverse dns, enter the hostname and select whether you want to use it as the reverse name for the address it resolved to."

When I click "reverse dns", the only IP I can change is my ipv4 address; I need to change the ipv6 address, thanks.

The manager does a forward lookup on the name you give it and then offers to change one or both of the v4 or v6 addresses depending on what forward information is in DNS. (E.g., it verifies that the reverse entry will match a forward entry if added).

So to support v6, and as mentioned up-thread, you need to have an appropriate AAAA record for the name you give that maps to your v6 address.

(If you've just added such a record to your DNS provider and it's not Linode itself, it may not have propagated yet. If through Linode, you may have to wait for the next 15-minute refresh)

– David
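
The forward/reverse match described in the reply above can be checked from any host. The following is an added example, not part of the original thread and not Linode's code: it builds the ip6.arpa name where the PTR record lives and confirms that a PTR hostname resolves back to the same address. The hostname mail.example.com, the address 192.0.2.10 and the lookup tables are constructed sample data; only the IPv6 address comes from the bounce message.

```python
import ipaddress
import socket

def ptr_name(addr):
    """Name under ip6.arpa / in-addr.arpa where the PTR record for addr lives."""
    return ipaddress.ip_address(addr).reverse_pointer

def system_reverse(addr):
    """PTR lookup through the system resolver; [] when there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """A and AAAA lookup through the system resolver; [] on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(addr, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS check. Returns (ok, detail)."""
    ip = ipaddress.ip_address(addr)
    names = reverse(addr)
    if not names:
        return False, "no PTR at " + ptr_name(addr)
    for name in names:
        for fwd in forward(name):
            # Compare parsed addresses so zero-compression and case do not matter.
            if ipaddress.ip_address(fwd) == ip:
                return True, name
    return False, f"{names[0]} has no A/AAAA record for {addr}"

# Constructed sample data: the address is the one in the bounce message;
# mail.example.com and 192.0.2.10 are placeholders.
V6 = "2600:3c03::f03c:91ff:feae:a9fc"
PTRS = {V6: ["mail.example.com"]}
ONLY_A = {"mail.example.com": ["192.0.2.10"]}
WITH_AAAA = {"mail.example.com": ["192.0.2.10", "2600:3C03:0:0:F03C:91FF:FEAE:A9FC"]}

def demo():
    return [
        fcrdns(V6, lambda a: [], lambda n: []),  # no PTR set at all
        fcrdns(V6, lambda a: PTRS.get(a, []), lambda n: ONLY_A.get(n, [])),
        fcrdns(V6, lambda a: PTRS.get(a, []), lambda n: WITH_AAAA.get(n, [])),
    ]
```

Calling fcrdns(addr) without the resolver arguments runs the same check against live DNS through the system resolver.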

Ahh, I must have missed that part. Solved.

thanks db3l. 8)
