** Andy Smith <andy(a)bitfolk.com> [2019-01-11 15:10]:
<snip>
If sending email out of a VPS, I would recommend *not* doing it by
IPv6 unless you set your IPv6 reverse DNS. It's usually quite easy
to tell the MTA to use a specific address to send out the email, so
if I wasn't going to set the v6 reverse DNS I'd recommend setting
the MTA to use only the single IPv4 address that has proper reverse
DNS.
But I would encourage anyone who wants to set their own v6 reverse
DNS to at least give setting up their own DNS server a try. A
customer who already did it wrote instructions in the wiki:
https://tools.bitfolk.com/wiki/IPv6#Reverse_DNS
That boils down to:
- apt install bind9
- write zone content somewhere like
/var/lib/bind/4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
- add zone declaration for
"4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa" to /etc/bind/named.conf.local
- sudo systemctl reload bind9.service
- watch the logs
- test with local query:
$ dig -x 2001:ba8:1f1:f004::2 @localhost
- you could delegate the zone now, but you only have one nameserver.
Better would be to contact support(a)bitfolk.com and ask for the
zone to be mirrored on the BitFolk nameservers, so do that
- when that's all working, go to the Panel and delegate the zone to
your VPS and the three BitFolk nameservers, or just the BitFolk
ones if you're wanting to do hidden master.
That's it.
It seems simpler than a lot of other things you've already done
on your VPS.
** end quote [Andy Smith]
I run Bind on my local network, but (although I keep thinking about moving it
to my VPS) I am currently using Hurricane Electric for my external DNS, which
includes reverse DNS for my IPv6 ranges (Bitfolk and the allocation from my
ISP). It may be worth looking into if you don't want to run your own Bind,
which I agree, is a lot less hassle than people think. My DNS & Bind from
O'Reilly is a massive tome, but I don't think I've actually used it - I bought
it years ago when I was managing AIX boxes, but again never needed it!
https://dns.he.net/
The only downside I've found so far is that there's no support for updating
automatically for validating Letsencrypt certificates using DNS.
--
Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001
Vice Chair, FSB Portsmouth & SE Hampshire Branch | http://www.fsb.org.uk/
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
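
Added example, not part of either message above: a Python sketch of the "write zone content" step from the quoted list. It derives the ip6.arpa zone name and the relative PTR owner name from the prefix and address, then renders a minimal zone file. The /64 prefix length is read off the 16-nibble zone name in the quoted steps; the hostnames, SOA timers and serial are constructed placeholders, not BitFolk values.

```python
import ipaddress


def zone_name(prefix: str) -> str:
    """Return the ip6.arpa zone name for a nibble-aligned IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones are cut on 4-bit (nibble) boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_owner(addr: str, prefix: str) -> str:
    """Return the PTR owner name for addr, relative to the zone for prefix."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ipaddress.IPv6Network(prefix):
        raise ValueError(f"{addr} is outside {prefix}")
    # reverse_pointer is all 32 nibbles reversed, followed by ".ip6.arpa"
    return ip.reverse_pointer[: -len(zone_name(prefix)) - 1]


def render_zone(prefix, hosts, primary_ns, contact, serial):
    """Render a minimal BIND zone file holding one PTR per address in hosts."""
    lines = [
        f"$ORIGIN {zone_name(prefix)}.",
        "$TTL 3600",
        # refresh/retry/expire/minimum values below are constructed examples
        f"@ IN SOA {primary_ns} {contact} ( {serial} 3600 900 1209600 3600 )",
        f"@ IN NS {primary_ns}",
    ]
    for addr, name in sorted(hosts.items()):
        lines.append(f"{ptr_owner(addr, prefix)} IN PTR {name}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    PREFIX = "2001:ba8:1f1:f004::/64"  # matches the zone name in the steps
    # Placeholder names: the PTR target should be the name the MTA announces,
    # and that name should have an AAAA record pointing back at the address.
    HOSTS = {"2001:ba8:1f1:f004::2": "mail.example.com."}
    print(render_zone(PREFIX, HOSTS, "ns.example.com.",
                      "hostmaster.example.com.", 2019011101))
```

The output can be saved under the zone file path from the steps and checked with the same dig -x query before the zone is delegated.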