All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Error in RIPE database & Reverse IPv6 PTR
Hello, I'm trying to setup the reverse rdns servers for my IPv6 /32.
But I'm getting some errors.
Here you can see a screenshot of my DNS server config for the IPv6:
http://prntscr.com/2qmvt0
Here you can see a screenshot of the object creation in the RIPE database:
http://prntscr.com/2qmxzb
You can try to ping any of my IPv6 and see that all is working ok.
So I dont understand why I get TCP and UDP comunication errors, if te IPv6 ping ok and services are running Ok via IPv6.
Here you can see error in the RIPE database object creation process and the ping probes:
(Also you can test here: http://dnscheck.ripe.net/ doing a test for the domain ginernet.com)
Error: Name server rdns1.ginernet.com (2a03:c7c0:1:0:0:0:49:1) does not answer queries over UDP.
The name server failed to answer queries sent over UDP. This is probably due to the name server not correctly set up or due to misconfigured filtering in a firewall.
Error: Name server rdns1.ginernet.com (2a03:c7c0:1:0:0:0:49:1) does not answer queries over TCP.
The name server failed to answer queries sent over TCP. This is probably due to the name server not correctly set up or due to misconfgured filtering in a firewall. It is a rather common misconception that DNS does not need TCP unless they provide zone transfers - perhaps the name server administrator is not aware that TCP usually is a requirement.
PING rdns1.ginernet.com(2a03:c7c0:1::49:1) 32 data bytes
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=0 ttl=55 time=35.1 ms
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=1 ttl=55 time=35.1 ms
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=2 ttl=55 time=34.9 ms
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=3 ttl=55 time=34.9 ms
--- rdns1.ginernet.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3010ms
rtt min/avg/max/mdev = 34.963/35.062/35.162/0.087 ms, pipe 2
Error: Name server rdns2.ginernet.com (2a03:c7c0:1:0:0:0:49:2) does not answer queries over UDP.
The name server failed to answer queries sent over UDP. This is probably due to the name server not correctly set up or due to misconfigured filtering in a firewall.
Error: Name server rdns2.ginernet.com (2a03:c7c0:1:0:0:0:49:2) does not answer queries over TCP.
The name server failed to answer queries sent over TCP. This is probably due to the name server not correctly set up or due to misconfgured filtering in a firewall. It is a rather common misconception that DNS does not need TCP unless they provide zone transfers - perhaps the name server administrator is not aware that TCP usually is a requirement.
PING rdns2.ginernet.com(2a03:c7c0:1::49:2) 32 data bytes
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=0 ttl=55 time=30.2 ms
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=1 ttl=55 time=30.2 ms
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=2 ttl=55 time=30.1 ms
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=3 ttl=55 time=30.1 ms
--- rdns2.ginernet.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3012ms
rtt min/avg/max/mdev = 30.178/30.218/30.275/0.177 ms, pipe 2
Warning: Could not find reverse address for 2a03:c7c0:1:0:0:0:49:1 (1.0.0.0.9.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.c.7.c.3.0.a.2.ip6.arpa.).
PTR record(s) for the address could not be found in the .arpa-zone. (ip6.arpa. for IPv6 addresses and in-addr.arpa. for IPv4).
warning: Could not find reverse address for 2a03:c7c0:1:0:0:0:49:2 (2.0.0.0.9.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.c.7.c.3.0.a.2.ip6.arpa.).
PTR record(s) for the address could not be found in the .arpa-zone. (ip6.arpa. for IPv6 addresses and in-addr.arpa. for IPv4).
Comments
Hello, did you setup the name zone to allow ripe ips?, also are you using named configuration or panel? check if the rdns1 rdns2 nameservers are allowed to update the dns for the ips reverse also are the ips fully delegated in ripe to rdns1 rdns2? do you have any ips reverse delegated on rdns1 rdns2 which works?
Many thanks for your reply!
I dont understand, I dont have any firewall blocking it, but, what are that RIPE IPs? I dont see in the RIPE docs any referente about that I need allow his IPs...
SolusVM powerDNS -> http://docs.solusvm.com/powerdns
Yes, you can see here: http://prntscr.com/2qn9qp
I think this is what I'm trying to do, and I get the error... http://prntscr.com/2qmxzb
Yes, I dont have any issue with IPv4, test: https://apps.db.ripe.net/search/lookup.html?source=ripe&key=118.134.5.in-addr.arpa&type=domain
Hello, have a look at:
http://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation
some where you did not setup it correctly or the ripe delegation isn't right, if ipv4 works fine, then something else my not be working, also i do sugest you to use two temporar dns server using bind/named and try to setup it from ssh and see if works, maybe powerdns isnt doing something correct, ripe has some ips to allow in zone, however i think for ip6 is not required it anymore.
also look at ": http://www.gestioip.net/docu/ipv6_reverse_dns_delegation.html
The delegation itself hasn't worked to begin with,
Protip: dig +trace is your friend.
I think you dont get any response because the delegation is not Ok in the RIPE database, is this what I'm trying to do...
But if you try to do the request directly to my rdns server, you can see that the response is Ok.
[root@observium ~]# dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54237
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;0.c.7.c.3.0.a.2.ip6.arpa. IN NS
;; ANSWER SECTION:
0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns1.ginernet.com.
0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns2.ginernet.com.
;; Query time: 23 msec
;; SERVER: 5.134.116.49#53(5.134.116.49)
;; WHEN: Sat Feb 8 18:25:52 2014
;; MSG SIZE rcvd: 94
[root@observium ~]#
@jmginer - does your nameservers listen on IPv6 addresses? as far as I can see they require rdns1.ginernet.com as 2a03:c7c0:1:0:0:0:49:1 but your test is against 5.134.116.49. Try dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa +6
Many thanks...
Seems the issue is here:
Running: dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -4
I get: SERVER: 5.134.116.49#53(5.134.116.49)
And running: dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -6
I get: SERVER: ::ffff:5.134.116.49#53(5.134.116.49)
So, the response is not via IPv6 :S
Not sure how to fix now...
I will try with a only ipv6 server, but I prefer use the same rdns server for both IPv4 and IPv6.
Not sure if it's caused by the PowerDNS server or if it's the same with all DNS servers... If someone know how to fix this, I appreciate his help
Regards!
PS- @fileMEDIA seems has working ok, any idea? Thanks!
Glad to see that you managed to find out the problem, try a normal vps with just bind/named on it and see if works.
@jmginer - check your pdns.conf for local-ipv6 key, if commented out add your IPV6 addresses separated by coma and restart PowerDNS.
I think is solved!!!
Adding that lines into /etc/pdns/pdns.conf
do-ipv6-additional-processing=yes
local-ipv6=2a03:c7c0:1::49:1 #this is the IPv6 assigned for this server
then
/etc/init.d/pdns restart
and:
[root@observium ~]# dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -6
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -6
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19683
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;0.c.7.c.3.0.a.2.ip6.arpa. IN NS
;; ANSWER SECTION:
0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns1.ginernet.com.
0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns2.ginernet.com.
;; Query time: 34 msec
;; SERVER: **2a03:c7c0:1::49:1#53(2a03:c7c0:1::49:1)**
;; WHEN: Sun Feb 9 15:13:59 2014
;; MSG SIZE rcvd: 94
[root@observium ~]#
I'm going to check if it's ok now for RIPE...
yeah!!!
https://apps.db.ripe.net/search/lookup.html?source=ripe&key=0.c.7.c.3.0.a.2.ip6.arpa&type=domain
@racksx @Wintereise @Jack @gbshouse Many many thanks!!!