IPv6 and PTR

I'm not able to email a Google gmail address. The bounce says I don't have a PTR. A closer look and its related to my IPv6 address.
I'm in charge of hosting the domain sending and it has a full set of DMARC, DKIM and SPF records. I don't remember ever setting a PTR and the closest thing seems to be on my Zen Internet control centre, but that only relates to my IPv4 addresses.

So do I need to create a new DNS record for PTR with the IPv6 address? I have full access to the DNS Zone using cPanel.

Thanks

Hi

I've had the same with ipv6 on my A&A and Zen connections, had to setup reverse dns for the ipv6 address my email server had before google would accept email from it. I used to be with Zen and had to email the ipv6 team to get the PTR setup.

Regards

Andrew

In reply to a post by andew:

I've had the same with ipv6 on my A&A and Zen connections...

Thanks Andrew, I've already emailed Zen support.
What I don't understand is how this rDNS record works. How is Google accessing it when my DNS Zone for this domain is 'elsewhere'. The NS record points to a host where the cPanel is. Nothing there points to Zen. I clearly don't understand (despite googling!) how this record works, if its different from the others.

Meanwhile I was able to send an email to gmail but looking at the headers it went via IPv4. The previous bounces specifically quoted my IPv6.

And/or... do I need an AAAA record?

Thanks

PTR records are set on your IP address, they're nothing to do with your domain.

For your IPv6 record your best bet is to ask Zen to delegate your allocation to a set of name servers that you control.

In reply to a post by jpm:

PTR records are set on your IP address, they're nothing to do with your domain.

OK, thanks. So a lookup for my domain gets sent to the namesever I've chosen. But a lookup for an IP gets sent to the owner of that address, in this case Zen?

Penny slowly making its way...

Technically a lookup for your domain goes to the root servers and then Nominet (for a .uk domain) and then they hold the record of which name server should answer the request.

Similarly a lookup on your IP goes to the root servers, then IANA, then RIPE, then your ISP and then to you if you have a delegation set up.

PTR lookups are done using special domains, which are delegated via the registries to the owners of the IP address space.

For IPv4, a PTR lookup for IP address 1.2.3.4 looks up the following name in the DNS:

4.3.2.1.in-addr.arpa.

For IPv6, a PTR lookup is under the domain "ip6.arpa". This is the address broken into hex nybbles and reversed. For example, a lookup for address 2001:db8::1 actually looks for

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.

Google's mail acceptance policies are mad. Google seem to think that setting these ridiculous bars will reduce the amount of spam, when in fact spammers are experts in mail delivery and are better at jumping through these hoops than most people.

It's typically better to configure your mail server to use only IPv4 for outgoing connections (even thought that means it's going through your NAT)

In reply to a post by candlerb:

Google's mail acceptance policies are mad.

Fully agree, and they also apply to companies using Google Workspace accounts, as well as free GMail accounts. Unfortunately Google’s email service a) works, and b) consumers like it, so they think they can get the rest of us to jump through their hoops!

In reply to a post by Woolwich:

I'm not able to email a Google gmail address. The bounce says I don't have a PTR. A closer look and its related to my IPv6 address.
I'm in charge of hosting the domain sending and it has a full set of DMARC, DKIM and SPF records. I don't remember ever setting a PTR and the closest thing seems to be on my Zen Internet control centre, but that only relates to my IPv4 addresses.

So do I need to create a new DNS record for PTR with the IPv6 address? I have full access to the DNS Zone using cPanel.

Thanks

Just talk to your ISP and get rDNS (Reverse DNS) set up for the IPv6 address your mail server is sending from. It's the exact same requirement that a sensible mail server requires from IPv4.

I set mine up several years ago and my ISP (IDNet) did it within an hour in response to my support request.

In reply to a post by jchamier:

In reply to a post by candlerb:

Google's mail acceptance policies are mad.

Fully agree, and they also apply to companies using Google Workspace accounts, as well as free GMail accounts. Unfortunately Google’s email service a) works, and b) consumers like it, so they think they can get the rest of us to jump through their hoops!

There's nothing mad about them. They are standard practice:

* MX records need to exist for sending(*) and receiving IP addresses.
* rDNS needs to be configured for outgoing IP addresses.
* SPF record needs to list all servers.

The last one might be optional (I can't remember) but it's something all mail senders should have anyway. If GMail is enforcing SPF records then hurrah!

(*)Not technically needed but any sensible mail host would reject mail from a server without a corresponding MX record.

Edited by Andrue (Mon 24-Jun-24 19:53:30)