Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Error in RIPE database & Reverse IPv6 PTR
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Error in RIPE database & Reverse IPv6 PTR

jmginerjmginer Member, Patron Provider
edited February 2014 in Help

Hello, I'm trying to setup the reverse rdns servers for my IPv6 /32.

But I'm getting some errors.

Here you can see a screenshot of my DNS server config for the IPv6:
http://prntscr.com/2qmvt0

Here you can see a screenshot of the object creation in the RIPE database:
http://prntscr.com/2qmxzb

You can try to ping any of my IPv6 and see that all is working ok.
So I dont understand why I get TCP and UDP comunication errors, if te IPv6 ping ok and services are running Ok via IPv6.

Here you can see error in the RIPE database object creation process and the ping probes:

(Also you can test here: http://dnscheck.ripe.net/ doing a test for the domain ginernet.com)

Error: Name server rdns1.ginernet.com (2a03:c7c0:1:0:0:0:49:1) does not answer queries over UDP.
The name server failed to answer queries sent over UDP. This is probably due to the name server not correctly set up or due to misconfigured filtering in a firewall.

Error: Name server rdns1.ginernet.com (2a03:c7c0:1:0:0:0:49:1) does not answer queries over TCP.
The name server failed to answer queries sent over TCP. This is probably due to the name server not correctly set up or due to misconfgured filtering in a firewall. It is a rather common misconception that DNS does not need TCP unless they provide zone transfers - perhaps the name server administrator is not aware that TCP usually is a requirement.

PING rdns1.ginernet.com(2a03:c7c0:1::49:1) 32 data bytes
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=0 ttl=55 time=35.1 ms
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=1 ttl=55 time=35.1 ms
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=2 ttl=55 time=34.9 ms
40 bytes from 2a03:c7c0:1::49:1: icmp_seq=3 ttl=55 time=34.9 ms

--- rdns1.ginernet.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3010ms
rtt min/avg/max/mdev = 34.963/35.062/35.162/0.087 ms, pipe 2

 

Error: Name server rdns2.ginernet.com (2a03:c7c0:1:0:0:0:49:2) does not answer queries over UDP.
The name server failed to answer queries sent over UDP. This is probably due to the name server not correctly set up or due to misconfigured filtering in a firewall.

Error: Name server rdns2.ginernet.com (2a03:c7c0:1:0:0:0:49:2) does not answer queries over TCP.
The name server failed to answer queries sent over TCP. This is probably due to the name server not correctly set up or due to misconfgured filtering in a firewall. It is a rather common misconception that DNS does not need TCP unless they provide zone transfers - perhaps the name server administrator is not aware that TCP usually is a requirement.

PING rdns2.ginernet.com(2a03:c7c0:1::49:2) 32 data bytes
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=0 ttl=55 time=30.2 ms
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=1 ttl=55 time=30.2 ms
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=2 ttl=55 time=30.1 ms
40 bytes from 2a03:c7c0:1::49:2: icmp_seq=3 ttl=55 time=30.1 ms

--- rdns2.ginernet.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3012ms
rtt min/avg/max/mdev = 30.178/30.218/30.275/0.177 ms, pipe 2

 

Warning: Could not find reverse address for 2a03:c7c0:1:0:0:0:49:1 (1.0.0.0.9.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.c.7.c.3.0.a.2.ip6.arpa.).
PTR record(s) for the address could not be found in the .arpa-zone. (ip6.arpa. for IPv6 addresses and in-addr.arpa. for IPv4).

warning: Could not find reverse address for 2a03:c7c0:1:0:0:0:49:2 (2.0.0.0.9.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.c.7.c.3.0.a.2.ip6.arpa.).
PTR record(s) for the address could not be found in the .arpa-zone. (ip6.arpa. for IPv6 addresses and in-addr.arpa. for IPv4).

Comments

  • racksxracksx Member
    edited February 2014

    Hello, did you setup the name zone to allow ripe ips?, also are you using named configuration or panel? check if the rdns1 rdns2 nameservers are allowed to update the dns for the ips reverse also are the ips fully delegated in ripe to rdns1 rdns2? do you have any ips reverse delegated on rdns1 rdns2 which works?

  • jmginerjmginer Member, Patron Provider
    edited February 2014

    Many thanks for your reply!

    @racksx said: did you setup the name zone to allow ripe ips?,

    I dont understand, I dont have any firewall blocking it, but, what are that RIPE IPs? I dont see in the RIPE docs any referente about that I need allow his IPs...

    @racksx said: also are you using named configuration or panel?

    SolusVM powerDNS -> http://docs.solusvm.com/powerdns

    @racksx said: check if the rdns1 rdns2 nameservers are allowed to update the dns for the ips reverse

    Yes, you can see here: http://prntscr.com/2qn9qp

    @racksx said: also are the ips fully delegated in ripe to rdns1 rdns2?

    I think this is what I'm trying to do, and I get the error... http://prntscr.com/2qmxzb

    @racksx said: do you have any ips reverse delegated on rdns1 rdns2 which works?

    Yes, I dont have any issue with IPv4, test: https://apps.db.ripe.net/search/lookup.html?source=ripe&key=118.134.5.in-addr.arpa&type=domain

  • Hello, have a look at:
    http://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation

    some where you did not setup it correctly or the ripe delegation isn't right, if ipv4 works fine, then something else my not be working, also i do sugest you to use two temporar dns server using bind/named and try to setup it from ssh and see if works, maybe powerdns isnt doing something correct, ripe has some ips to allow in zone, however i think for ip6 is not required it anymore.

    also look at ": http://www.gestioip.net/docu/ipv6_reverse_dns_delegation.html

    Thanked by 1jmginer
  • The delegation itself hasn't worked to begin with,

    
    paul.s@lax ~ % dig +trace ns 0.c.7.c.3.0.a.2.ip6.arpa
    
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace ns 0.c.7.c.3.0.a.2.ip6.arpa
    ;; global options: +cmd
    .                       16862   IN      NS      f.root-servers.net.
    .                       16862   IN      NS      l.root-servers.net.
    .                       16862   IN      NS      e.root-servers.net.
    .                       16862   IN      NS      d.root-servers.net.
    .                       16862   IN      NS      h.root-servers.net.
    .                       16862   IN      NS      c.root-servers.net.
    .                       16862   IN      NS      b.root-servers.net.
    .                       16862   IN      NS      a.root-servers.net.
    .                       16862   IN      NS      j.root-servers.net.
    .                       16862   IN      NS      g.root-servers.net.
    .                       16862   IN      NS      m.root-servers.net.
    .                       16862   IN      NS      i.root-servers.net.
    .                       16862   IN      NS      k.root-servers.net.
    ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 417 ms
    
    ip6.arpa.               172800  IN      NS      a.ip6-servers.arpa.
    ip6.arpa.               172800  IN      NS      c.ip6-servers.arpa.
    ip6.arpa.               172800  IN      NS      e.ip6-servers.arpa.
    ip6.arpa.               172800  IN      NS      d.ip6-servers.arpa.
    ip6.arpa.               172800  IN      NS      f.ip6-servers.arpa.
    ip6.arpa.               172800  IN      NS      b.ip6-servers.arpa.
    ;; Received 414 bytes from 192.36.148.17#53(192.36.148.17) in 844 ms
    
    0.a.2.ip6.arpa.         86400   IN      NS      sns-pb.isc.org.
    0.a.2.ip6.arpa.         86400   IN      NS      sec1.apnic.net.
    0.a.2.ip6.arpa.         86400   IN      NS      tinnie.arin.net.
    0.a.2.ip6.arpa.         86400   IN      NS      ns3.nic.fr.
    0.a.2.ip6.arpa.         86400   IN      NS      pri.authdns.ripe.net.
    0.a.2.ip6.arpa.         86400   IN      NS      sec3.apnic.net.
    ;; Received 198 bytes from 193.0.9.2#53(193.0.9.2) in 326 ms
    
    0.a.2.ip6.arpa.         3600    IN      SOA     pri.authdns.ripe.net. dns.ripe.net. 1391876154 3600 600                                                                                                                                                                         864000 7200
    ;; Received 102 bytes from 2001:500:2e::1#53(2001:500:2e::1) in 11 ms
    
    

    Protip: dig +trace is your friend.

    Thanked by 1GIANT_CRAB
  • jmginerjmginer Member, Patron Provider
    edited February 2014

    @Wintereise said:
    The delegation itself hasn't worked to begin with,

    I think you dont get any response because the delegation is not Ok in the RIPE database, is this what I'm trying to do...

    But if you try to do the request directly to my rdns server, you can see that the response is Ok.




    [root@observium ~]# dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54237
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;0.c.7.c.3.0.a.2.ip6.arpa. IN NS

    ;; ANSWER SECTION:
    0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns1.ginernet.com.
    0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns2.ginernet.com.

    ;; Query time: 23 msec
    ;; SERVER: 5.134.116.49#53(5.134.116.49)
    ;; WHEN: Sat Feb 8 18:25:52 2014
    ;; MSG SIZE rcvd: 94

    [root@observium ~]#

  • gbshousegbshouse Member, Host Rep

    @jmginer - does your nameservers listen on IPv6 addresses? as far as I can see they require rdns1.ginernet.com as 2a03:c7c0:1:0:0:0:49:1 but your test is against 5.134.116.49. Try dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa +6

    Thanked by 1jmginer
  • jmginerjmginer Member, Patron Provider
    edited February 2014

    @gbshouse said:
    jmginer - does your nameservers listen on IPv6 addresses? as far as I can see they require rdns1.ginernet.com as 2a03:c7c0:1:0:0:0:49:1 but your test is against 5.134.116.49. Try dig rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa +6

    Many thanks...

    Seems the issue is here:

    Running: dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -4

    I get: SERVER: 5.134.116.49#53(5.134.116.49)

    And running: dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -6

    I get: SERVER: ::ffff:5.134.116.49#53(5.134.116.49)

    So, the response is not via IPv6 :S

    Not sure how to fix now...
    I will try with a only ipv6 server, but I prefer use the same rdns server for both IPv4 and IPv6.

    Not sure if it's caused by the PowerDNS server or if it's the same with all DNS servers... If someone know how to fix this, I appreciate his help :)

    Regards!

    PS- @fileMEDIA seems has working ok, any idea? Thanks!

  • @jmginer said:
    PS- fileMEDIA seems has working ok, any idea? Thanks!

    Glad to see that you managed to find out the problem, try a normal vps with just bind/named on it and see if works.

  • gbshousegbshouse Member, Host Rep

    @jmginer - check your pdns.conf for local-ipv6 key, if commented out add your IPV6 addresses separated by coma and restart PowerDNS.

  • jmginerjmginer Member, Patron Provider

    I think is solved!!! :)

    Adding that lines into /etc/pdns/pdns.conf

    do-ipv6-additional-processing=yes

    local-ipv6=2a03:c7c0:1::49:1 #this is the IPv6 assigned for this server

    then

    /etc/init.d/pdns restart

    and:

    [root@observium ~]# dig @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -6

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> @rdns1.ginernet.com ns 0.c.7.c.3.0.a.2.ip6.arpa -6
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19683
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;0.c.7.c.3.0.a.2.ip6.arpa. IN NS

    ;; ANSWER SECTION:
    0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns1.ginernet.com.
    0.c.7.c.3.0.a.2.ip6.arpa. 86400 IN NS rdns2.ginernet.com.

    ;; Query time: 34 msec
    ;; SERVER: **2a03:c7c0:1::49:1#53(2a03:c7c0:1::49:1)**
    ;; WHEN: Sun Feb 9 15:13:59 2014
    ;; MSG SIZE rcvd: 94

    [root@observium ~]#

    I'm going to check if it's ok now for RIPE...

Sign In or Register to comment.