Reverse DNS on IPv6
When sending mail to Gmail, you get this kind of response:
message does not meet IPv6 sending guidelines regarding PTR records
The reason is a missing reverse DNS record for the server’s IPv6 address; the fix is obvious but not easy.
===
I decided to do something about the problem mentioned above. A lot of emails from my server get dumped into SPAM or aren’t delivered at all. Usually I get this kind of message:
Our system has detected that this 550-5.7.1 message does not meet
IPv6 sending guidelines regarding PTR records 550-5.7.1 and
authentication.
Reverse DNS Lookup
Google seems to require both IPv4 and IPv6 reverse DNS entries. To please it, I need to do two things:
- Set an AAAA record in my DNS. To explain: AAAA is just a fancy name for an A record, but for IPv6.
- Set a PTR record (the reverse DNS record). This is done in a web interface of your hosting company.
Server’s IPv6 Address
First, I must know my server’s IPv6 address. To find it, look inside the /etc/network/interfaces file or type ip -6 addr to see all configured IPv6 addresses.
Then, from another system, ping that IPv6 address to test it:
ping6 1111:222:33:44::2
You can also ping Google:
ping6 ipv6.google.com
Check for reverse PTR record?
Now that I know my server’s IPv6 address, typing dig -x My_IPv6_Addr will get me a list of PTR records already set.
Alternatively, you can do it online:
- Reverse IP Lookup should give you a server name as rDNS, not IP.
- IPv6 DNS Lookup
- Reverse DNS Tool (IPv4 & IPv6)
IPv6 Address Notation
An IPv6 address is represented as 8 groups of four hexadecimal digits. The groups are separated by colons (:).
- Leading zeroes in a group may be omitted
- Consecutive groups of zeros can be omitted entirely using two consecutive colons (::), but only once in an address.
Here is a perfect explanation of IPv6 Address Notation
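The PTR check and the notation rules above, combined in an added example that is not part of the original post: Python's standard library expands an IPv6 address into the ip6.arpa name where the PTR record lives, then confirms that the PTR name resolves back to the same address. The host name mail.example.com and the lookup tables in the demo are constructed; the address is the placeholder from the ping example.

```python
import ipaddress
import socket


def ptr_name(addr):
    """Expand the address and return the ip6.arpa name that holds its PTR record."""
    return ipaddress.ip_address(addr).reverse_pointer


def system_ptr(addr):
    """PTR lookup through the system resolver; None when no name is returned."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None


def system_forward(host):
    """A/AAAA lookup through the system resolver; empty list on failure."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []


def check_rdns(addr, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (ok, detail): a PTR must exist and its name must resolve back to addr."""
    ip = ipaddress.ip_address(addr)
    host = ptr_lookup(str(ip))
    if not host:
        return False, "no PTR record at " + ip.reverse_pointer
    # Parse every answer so short and fully written-out notations compare equal.
    forward = {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(host)}
    if ip not in forward:
        return False, "PTR %s does not resolve back to %s" % (host, ip)
    return True, host


if __name__ == "__main__":
    # Constructed sample data (assumption): placeholder address, made-up host name.
    fake_ptr = {"1111:222:33:44::2": "mail.example.com"}
    fake_fwd = {"mail.example.com": ["1111:0222:0033:0044:0000:0000:0000:0002"]}
    print(ptr_name("1111:222:33:44::2"))
    print(check_rdns("1111:222:33:44::2", fake_ptr.get, lambda h: fake_fwd.get(h, [])))
```

Calling check_rdns with only the address uses the system resolver, so run it from a machine other than the mail server to avoid answers from a local hosts file.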
What does a /64 subnet mean?
The /64 is the prefix length: the number of bits in the address that are fixed. So usually, the provider gives you a /64 subnet, that is, a range of addresses where the first 64 bits are constant and the remaining ones are at your disposal.
Just remind yourself that in IPv4 there are 32 bits in an IP address and in IPv6 there are 128 bits.
Hetzner IPv6 reverse DNS
In addition to the main IPv4 address, Hetzner provides a /64 IPv6 subnet by default.
Adding IPv6 addresses is not so obvious: for subnets (IPv6) you’ll need to click on the plus button in front of the subnet to see the individual IPs and be able to set reverse DNS entries for them.
How to test and debug?
Once the problem is fixed, try sending an email to a Google recipient; it should arrive immediately:
echo 'My Mail' | mail -s "Automatic mail sending from terminal" example@gmail.com
If the mail is not immediately delivered, debug what’s happening by monitoring:
tail -n20 /var/log/syslog | grep postfix