We have the Comcast EDI (Internet). We use a static IPV4 address for our Exchange mail server. We have the appropriate DNS/PTR records for the IPV4. Our Exchange and email have been working normally for a few years now. Our EDI (dedicated fiber Internet) has also been good for a few years. So our environment - email and Internet - all good for quite some time.
Today we are getting bounced messages sent from Exchange to Google mail users. The message is stating that - Our system has detected that this message does not meet IPv6 sending guidelines regarding PTR records - and before the message text it references an IPV6.
I think Comcast needs to enter a PTR record for the IPV6 - even though we use a static IPV4. Their support seems confused and is saying it could take days. I am not convinced they understand the issue.
Additionally - If I Google - what is my IP - some sites are showing an IPV6 and some show my expected IPV4 WAN address.
Does anyone have any insight on this?
Lots of luck with that ...
host -t ns 0.6.2.ip6.arpa
0.6.2.ip6.arpa name server z.arin.net.
0.6.2.ip6.arpa name server y.arin.net.
0.6.2.ip6.arpa name server x.arin.net.
0.6.2.ip6.arpa name server u.arin.net.
0.6.2.ip6.arpa name server r.arin.net.
0.6.2.ip6.arpa name server arin.authdns.ripe.net.
host -t ns 126.96.36.199.ip6.arpa
188.8.131.52.ip6.arpa has no NS record
host -t ns 0.0.0.3.0.6.2.ip6.arpa
0.0.0.3.0.6.2.ip6.arpa has no NS record
Comcast seems to have no IPv6 rDNS for the entire 2603:3000::/24 allocation. I'd be very pleased to hear that this is not the case and that I'm looking at this wrong.
What you would want for a /56 of the form 2603:30zy:xwvu:ts00::/56 is to get the NS record for s.t.u.v.w.x.y.z.0.3.3.0.6.2.ip6.arpa pointed at your nameserver. That means that you need to be able to run a nameserver hosting that rDNS domain, plus a backup nameserver. I suppose you could ask for a handful of fixed entries but that would mean calling support a lot to get each entry changed.
In my case, and it's probably the same for others, I have another site that I can run a DNS server on so I get the minimum required (not enforced at all) two nameservers at two different sites. A lot of people seem to have Comcast business service to serve a satellite site. It is also possible to have one DNS server on your Comcast supported site for the rDNS domain at the risk of having greater chance of DNS failure.
Oops. For a /24 top level allocation I should have checked 6 digits as in:
host -t ns 0.3.3.0.6.2.ip6.arpa
Host 0.3.3.0.6.2.ip6.arpa not found: 3(NXDOMAIN)
same result though.
I tried doing a PTR and then doing an NS request, knocking off a digit at a time, and found nothing in the 2603:3000::/24 rDNS space. I'm hoping I'm doing something wrong and Comcast doesn't have no rDNS at all.
I'm trying to check with support whether IPv6 rDNS is supported at all and if not, when it will be. Unfortunately I keep getting the "We’re sorry, but none of our Customer Care Representatives are available at this time." message.
Thanks for the replies. We did figure this out and while I hate to admit it this was an error on our part. We have both Comcast Business Class Cable and the Comcast Enterprise EDI (dedicated Internet over fiber). The EDI is our main Internet connection and the cable is a backup connection. We have the cable piped over to a specific port where we use the connection to test things off of the primary network. We recently did a reorg of our server room, this involved adding new switches and recabling everything. Somehow we ended up plugging the cable Internet connection from the modem into our switch stack - which was already connected to the EDI. Things understandably got a little weird.
In summary: this was not a Comcast error. It was our flub and we have resolved it.
Is your IPv6 prefix part of the 2603:3000::/24 Comcast address delegation, or is it part of some other address space? I just retried walking back every byte for an address in my own rDNS (2603:3005:5602:8a::/56) looking for an NS record and other than a lot of NXDOMAIN responses I got:
host -t ns 184.108.40.206.2.ip6.arpa
220.127.116.11.2.ip6.arpa has no NS record
host -a 18.104.22.168.2.ip6.arpa
10800 IN SOA z.arin.net. dns-ops.arin.net. [...]
The DNS lookup of 0.6.2.ip6.arpa returns a DNSSEC signed zone with NS records for 0.6.2.ip6.arpa but apparently there is nothing at all below that. The SOA record indicates it is an ARIN zone which makes sense. ARIN is the American Registry for Internet Numbers who is the entity that would allocate address space to Comcast (ARIN in turn gets numbers from ICANN - Internet Corporation for Assigned Names and Numbers).
If your address space is in this delegation, then I'm missing something. And that might be good news since it might mean that getting rDNS for Comcast Business Class Cable (the only thing available here) is not hopeless. It would be nice to know if I am actually missing something or if your address is in some other high level address delegation.
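The zone names queried in this thread follow the ip6.arpa rule of one label per 4-bit nibble, in reverse order. The following is an added example, not code from any poster: it derives the reverse zone(s) for a prefix and the list of parent zones to query for NS records when walking back a digit at a time. The function names and the 2001:db8 documentation prefixes are constructed for illustration, and the handling of prefixes that do not fall on a nibble boundary goes beyond the /24 and /56 cases discussed above.

```python
import ipaddress


def reverse_zones(prefix):
    """Return the ip6.arpa zone name(s) that exactly cover an IPv6 prefix.

    A prefix on a 4-bit (nibble) boundary maps to a single zone. Any other
    length has to be split into 2, 4 or 8 zones at the next nibble boundary,
    each needing its own NS delegation.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)  # rejects set host bits
    nibbles = -(-net.prefixlen // 4)                  # round up to whole nibbles
    zones = []
    for sub in net.subnets(new_prefix=nibbles * 4):
        digits = sub.network_address.exploded.replace(":", "")[:nibbles]
        labels = list(reversed(digits)) + ["ip6", "arpa"]
        zones.append(".".join(labels))
    return zones


def delegation_chain(zone):
    """Return the zone and every parent up to ip6.arpa, most specific first.

    These are the names to try with `host -t ns <name>` to find where the
    reverse delegation stops.
    """
    labels = zone.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


if __name__ == "__main__":
    # The /24 allocation named in the thread.
    for zone in reverse_zones("2603:3000::/24"):
        for name in delegation_chain(zone):
            print("host -t ns", name)
    # Constructed /56 (documentation space): one zone of 14 nibble labels.
    print(reverse_zones("2001:db8:1234:ab00::/56"))
    # Constructed /30: not nibble-aligned, so it needs four /32 zones.
    print(reverse_zones("2001:db8::/30"))
```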