diff --git a/CHANGELOG.md b/CHANGELOG.md
index fde29af0..2a862b88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,7 @@ Mail:
 Control panel:
-* When IPv6 is enabled, check that system services are accessible over IPv6 too.
+* When IPv6 is enabled, check that system services are accessible over IPv6 too and that reverse DNS is setup correctly for the IPv6 address.
 * Explanatory text for setting up secondary nameserver is added/fixed.
 * DNS checks now have a timeout in case a DNS server is not responding, so the checks don't stall indefinitely.
 * Better messages if external DNS is used and, weirdly, custom secondary nameservers are set.
diff --git a/management/status_checks.py b/management/status_checks.py
index 68f4a57b..6b49fd43 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -347,15 +347,20 @@ def check_primary_hostname_dns(domain, env, output, dns_domains, dns_zonefiles):
 issues listed here.""" % (env['PUBLIC_IP'], ip))
- # Check reverse DNS on the PRIMARY_HOSTNAME. Note that it might not be
+ # Check reverse DNS matches the PRIMARY_HOSTNAME. Note that it might not be
 # a DNS zone if it is a subdomain of another domain we have a zone for.
- ipaddr_rev = dns.reversename.from_address(env['PUBLIC_IP'])
- existing_rdns = query_dns(ipaddr_rev, "PTR")
- if existing_rdns == domain:
- output.print_ok("Reverse DNS is set correctly at ISP. [%s ↦ %s]" % (env['PUBLIC_IP'], env['PRIMARY_HOSTNAME']))
- else:
+ existing_rdns_v4 = query_dns(dns.reversename.from_address(env['PUBLIC_IP']), "PTR")
+ existing_rdns_v6 = query_dns(dns.reversename.from_address(env['PUBLIC_IPV6']), "PTR") if env.get("PUBLIC_IPV6") else None
+ if existing_rdns_v4 == domain and existing_rdns_v6 in (None, domain):
+ output.print_ok("Reverse DNS is set correctly at ISP. [%s ↦ %s]" % (
+ env['PUBLIC_IP'] + (("/"+env['PUBLIC_IPV6']) if env.get("PUBLIC_IPV6") else ""),
+ env['PRIMARY_HOSTNAME']))
+ elif existing_rdns_v4 == existing_rdns_v6 or existing_rdns_v6 is None:
 output.print_error("""Your box's reverse DNS is currently %s, but it should be %s. Your ISP or cloud provider will have instructions
- on setting up reverse DNS for your box at %s.""" % (existing_rdns, domain, env['PUBLIC_IP']) )
+ on setting up reverse DNS for your box.""" % (existing_rdns_v4, domain) )
+ else:
+ output.print_error("""Your box's reverse DNS is currently %s (IPv4) and %s (IPv6), but it should be %s. Your ISP or cloud provider will have instructions
+ on setting up reverse DNS for your box.""" % (existing_rdns_v4, existing_rdns_v6, domain) )
 # Check the TLSA record.
 tlsa_qname = "_25._tcp." + domain
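Review bot: The success test `existing_rdns_v6 in (None, domain)` uses None both for "no IPv6 address configured" and as a value the lookup itself might yield, so the check would report OK if query_dns (defined outside this hunk) ever returns None for a missing PTR or a failed query. A wrong or absent PTR on the IPv6 address is what receiving mail servers reject on, so this check should fail closed: compute `has_v6 = bool(env.get("PUBLIC_IPV6"))` once and test `if existing_rdns_v4 == domain and (not has_v6 or existing_rdns_v6 == domain):`, with the `elif` using `not has_v6` in place of `existing_rdns_v6 is None`. The two error messages also no longer name the address whose PTR is wrong; keeping `env['PUBLIC_IP']` and `env['PUBLIC_IPV6']` in the text would tell the operator which record to fix at the provider. check_primary_hostname_dns begins and continues outside the hunk.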