  1. #1

    What do you think of these items from dnsreport.com

    I recently switched hosts, and when I do a DNSReport.com report, I get the following alerts... What do you all think of this? (Temporarily, I'm concealing who the particular host is.) (By the way, make a point to memorize the name and/or bookmark it, and never, ever accidentally go to the cybersquatter/scumbag/typo collector "DNSREPORTS" (plural) .com.)

    Thanks

    1. ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are: (omitted)

    Comments: I did run the actual test provided by DNSReport, and the server is definitely allowing recursive lookups.

    2. WARNING: All of your nameservers (listed at the parent nameservers) are in the same Class C (technically, /24) address space, which means that they are probably at the same physical location. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location.

    3. ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure.

    Comments: I was curious about this myself, because my cursory investigation seemed to indicate two different servers (although the IP addresses were right next to one another, so it could be a machine with multiple IPs).

    Any thoughts?

    Thanks
    Last edited by johnxtampa; 09-11-2006 at 09:45 AM.
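
An added example, not part of the original post or of DNSReport's own code: one way to check report items 1 and 2 yourself, by reading the RA flag and RCODE of a reply to a query for a name the server is not authoritative for, and by grouping nameserver addresses into /24 networks. The replies and addresses below are constructed samples using documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import struct

def build_query(name, qid=0x1234):
    """DNS A query with RD (recursion desired) set, as a resolver client sends it."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_recursion(response):
    """Classify a reply to a query for a zone the server is NOT authoritative for."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    ra = bool(flags & 0x0080)      # RA: server says recursion is available
    rcode = flags & 0x000F         # 0 = NOERROR, 5 = REFUSED
    if ra and rcode == 0 and ancount > 0:
        return "open"              # it really resolved a foreign name for us
    if ra:
        return "advertised-only"   # RA set, but this reply carried no answer
    return "closed"

def all_in_same_slash24(addresses):
    """True when every IPv4 nameserver address falls in a single /24."""
    nets = {ipaddress.ip_network(f"{a}/24", strict=False) for a in addresses}
    return len(nets) == 1

# --- constructed sample data (documentation addresses, not from the thread) ---
QUERY = build_query("example.com")
QUESTION = QUERY[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
ADVERTISED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0) + QUESTION
CLOSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for label, reply in [("ns1", OPEN_REPLY), ("ns2", ADVERTISED_REPLY), ("ns3", CLOSED_REPLY)]:
        print(label, classify_recursion(reply))
    print(all_in_same_slash24(["198.51.100.10", "198.51.100.11"]))
    print(all_in_same_slash24(["198.51.100.10", "203.0.113.11"]))
```

Two adjacent addresses in one /24 only trigger item 2; whether they are one machine or two (item 3) cannot be decided from the addresses alone.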

  2. #2
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    What you listed is not the best solution available, but it is a solution that is implemented by probably the majority of hosts out there. (Single server setups)

  3. #3
    Join Date
    Aug 2006
    Location
    CA/TX USA
    Posts
    959
    If the two NS records are IPs from your dedi server, you can always grab a third NS from your host (that's just one solution to cleaning up that particular error).

  4. #4
    Join Date
    Jan 2005
    Location
    Richmond, VA
    Posts
    3,102
    Why not ask your host? That'd be the easiest way to cut the speculation and find out for sure.
    Daniel B., CEO - Bezoka.com and Ungigs.com

  5. #5
    Join Date
    May 2005
    Location
    Chicago, IL USA
    Posts
    1,428
    Yes, I would bring this to the attention of your host immediately. They may be unaware of the issue entirely.
    ||| Mike Bowers - Marketing Director
    ||| atOmicVPS LTD

  6. #6
    Join Date
    Jul 2005
    Location
    Huh... where am I again?
    Posts
    974
    Quote Originally Posted by johnxtampa
    2. WARNING: All of your nameservers (listed at the parent nameservers) are in the same Class C (technically, /24) address space, which means that they are probably at the same physical location. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location.

    Ask your host to see if they'll do another DNS on a separate server or at least a different C class IP.

    Quote Originally Posted by johnxtampa
    3. ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure.

    Comments: I was curious about this myself, because my cursory investigation seemed to indicate two different servers (although the IP addresses were right next to one another, so it could be a machine with multiple IPs).

    I'm not sure how they are doing the tests, but testing domains that I know are run from physically different DNS servers shows:

    WARNING: Although you have at least 2 NS records, they may both point to the same server (one of our two tests shows them being the same, the other does not), which would result in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

    So, it's most likely their other test, whatever that might be, is showing correctly. How did you test?
