Reverse DNS on IPv6

Edit Page

When sending mail to Gmail, you get this kind of response:

message does not meet IPv6 sending guidelines regarding PTR records

The reason is missing reverse DNS record for server’s IPv6 address; fix is obvious but not easy.

===

I decided to do something on a mentioned problem. A lot of emails from my server get dumped into SPAM or aren’t delivered at all. Usually I get this kind of message:

Our system has detected that this 550-5.7.1 message does not meet
IPv6 sending guidelines regarding PTR records 550-5.7.1 and
authentication.

Reverse DNS Lookup

Google seems to require both IPv4 and IPv6 reverse DNS entries. To please him, I need to do two things:

  1. Set AAAA record in my DNS. To explain: AAAA is a just a fancy name for what is A record, but for IPv6

  2. Set PTR record - Reverse DNS record. This is done in some web interface oy your hosting company.

Server’s IPv6 Address

First, I must know my server’s IPv6 adress. To find it out, look up inside /etc/network/interfaces file or type ip -6 addr to see all configured IPv6 adresses.

Then from other system ping and test that IPv6 address:

ping6 1111:222:33:44::2

You can ping Google, also:

ping6 ipv6.google.com

Check for reverse PTR record?

Now, when I know my server’s IPv6 address, typing dig -x My_IPv6_Addr will get me a list of PTR records already set.

Alternatively, you can do it online:

IPv6 Address Notation

An IPv6 address is represented as 8 groups of four hexadecimal digits. The groups are separated by colons (:).

  • Leading zeroes in a group may be omitted
  • Consecutive groups of zeros entries can be omitted entirely using two consecutive colons (::), but only once in an address.

Here it is a perfect explanation of IPv6 Address Notation

What does /64 subnet means?

The /64 is the prefix length - it is the number of bits in the address that is fixed. So usually, provider gives you a /64 subnet, that is a range of addresses where the first 64 bits are constant and the remaining ones are for your disposition.

Just remind yourself that in the IPv4 there are 32 bits in an IP address and in IPv6 there are 128 bits.

What does it mean /64 in IPv6

Hetzner IPv6 reverse DNS

In addition to the main IPv4 address Hetzner provides /64 IPv6 subnet by default.

Adding IPv6 IP adresses is not so obvious: for subnets (IPv6) you’ll need to click on the plus button in front of the subnet to see the individual IPs and be able to set reverse DNS entries for them.

How to test and debug?

As a reminder, when you fix that problem, let’s try to send an email to some google recipient; it should arrive immediately:

echo 'My Mail' | mail -s "Automatic mail sending from terminal" example@gmail.com

If the mail is not immediately delivered, debug what’s happening by monitoring:

tail -n20 /var/log/syslog | grep postfix
date 01. Jan 0001 | modified 29. Dec 2023
filename: Problem - Reverse DNS on IPv6