IPv6 valid SPF entry - shortened ipv6

  • - IMSCP: 1.5.3

    - Distribution: Debian 9


    With my DC provider, the ipv6 shortened is also displayed in the DC default network setup e.g.

    Original: 2041:0000:140F:0000:0000:0000:875B:131B

    Short: 2041:0000:140F::875B:131B


    In the short ipv6 (default) version, the zeros are replaced by a :: wildcard, MXtoolbox finds the right SPF entry with it, but I've seen problems with hotmail and outlook since the ipv6 setup.

    Can I use the short ipv6 IP address in postfix and DNS zone or should I convert it as a complete original ipv6 address?


    e.g. via:

    https://dnschecker.org/ipv6-expand.php


    spf looks like this right now:

    Code
    1. v=spf1 a mx ip4:44.44.444.444 ip6:2041:0000:140F::875B:131B ~all

    Edited 2 times, last by fulltilt ().

  • You are fine with the shortened IPv6 address - it should work out of the box.


    All of them are valid and the same address:

    2041:0:140F::875B:131B

    2041:0000:140F::875B:131B

    2041:0:140F:0:0:0:875B:131B

    2041:0000:140F:0000:0000:0000:875B:131B


    If no prefix-length is given, /128 is assumed - your entry: ip6:2041:0000:140F::875B:131B, will be interpreted as: ip6:2041:0:140F::875B:131B/128


    You can use a double colon to replace many 0 (zero) blocks in an IPv6-address - but it can only used once, so this address would be invalid: 2041::140F::875B:131B


    Your SPF looks fine and you are using ~all, so no message should be rejected based on the SPF-Check.


    I do not think that your issues with Outlook/Hotmail are related to your IPv6 change ;-)

  • You do not have to - it is only for "monitoring" the services over the I-MSCP backend - some kind of status page within I-MSCP.


    But I suggest to add the address under:

    * Settings -> Address Management

  • You do not have to - it is only for "monitoring" the services over the I-MSCP backend - some kind of status page within I-MSCP.


    But I suggest to add the address under:

    * Settings -> Address Management

    Thank you!

    the problem is, I can not select eth0:0 and with eth0 it shows some info icons to change afterwards.

    auto eth0:0
    iface eth0:0 inet6 static



  • Did you add the address in automatic or manual mode? I added them manually. eth0 should be fine in your case :-)


    Your network configuration can look like this (as example):


    There is no need to create a secondary/an alias interface ;-)


    Update: Saw that you added it automatically - remove it and add the address manually. Also change/adjust your network settings based on my example and all should be fine

  • Update: Saw that you added it automatically - remove it and add the address manually. Also change/adjust your network settings based on my example and all should be fine


    Seems to work now, I had to reboot because of the pervious auto setting a different IP was created ...


    This is a Hetzner cloud, so I can configure the network statically but only with ipv4, after that the ipv6 resolution no longer works. But the IP addresses are still fixed, I think it works with the Hetzner standard network cloud configuration - everything is OK in the I-mscp panel now ... or what do you think about it?


    The resolution still works, should the IPv6 also be into /etc/hosts?

  • I suspected that a reboot could be required after network changes.


    I am not familiar with Hetzner, but I think if it is working, it is going to be ok ;-)


    Concerning /etc/hosts: This is up to you. As long as you have IPv4 entries in /etc/hosts, everything will work as expected ;-) It is not necessary to add the IPv6 address for Dualstack IPv4/IPv6 systems :-)

  • OK, panel, postfix, dovecot, proftpd and apache2 are reachable over IPv6 and Gmail also accepts IPv6 connections w/ valid ipv6 SPF include.

    I use external PDNS name servers, these are not yet set or registered to ipv6.


    Must the name servers resolve to ipv6 addresses or should mail ipv6 be deactivated if n1.mydomain.tld and ns2.mydomain.tld only resolve to ipv4 currently?

    All of my DNS zone records all have valid AAAA entrys, except ns1 and ns2 itself.

  • No, the name servers are not required to have an IPv6 address. They only point to the correct destination and are independent services.


    Conclusion in your case:

    Name servers have IPv4 (only)


    Services may have: IPv4 & IPv6 or only IPv4 or only IPv6