  1. #1
    Join Date
    Mar 2005
    Posts
    533

    DNSreport for my accounts fails!

    Hello

    Yesterday I re-installed my OS and my boss did the configurations.

    He had an accident and I really need help.

    The accounts are restored but the dnsreport for my domain shows the failures below.


    Open DNS servers :
    ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

    Server XXX.XXX.XX.XXX reports that it will do recursive lookups. [test]
    Server XXX.XXX.XX.XXX reports that it will do recursive lookups. [test]
    ================


    Missing (stealth) nameservers :

    FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

    ns1.localdomain.
    ns2.localdomain.

    This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).



    ==================
    Missing nameservers 2 :

    ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
    ns1.mydomain.com.
    ns2.mydomain.com

    ==============
    Single Point of Failure :

    ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

    ===============

    Stealth NS record leakage :

    Your DNS servers leak stealth information in non-NS requests:

    Stealth nameservers are leaked [ns1.localdomain.]!
    Stealth nameservers are leaked [ns2.localdomain.]!

    This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.

    ============

    All MX IPs public :

    Error: At least one of your MX records points to an IP address that is not a public IP. The problem IP(s) are:

    xxx.xxx.x.xxx is not a public IP

    Note that these IPs are not reachable, which can cause extra resource usage, slight mail delays, and possibly bounced mail.

    =============
    Reverse DNS entries for MX records :

    ERROR: The IP of one or more of your mail server(s) have no reverse DNS (PTR) entries (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough). RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server). The problem MX records are:
    xxx.x.xxx.xxx.in-addr.arpa [No reverse DNS entry (rcode: 3 ancount: 0) (check it)]


    ===============

    Connect to mail servers :

    ERROR: I could not complete a connection to any of your mailservers!

    gigapars.com: Timed out [Last data sent: [Did not connect]]

    If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your mail *may* work fine in this case but you will need to use testing tools specifically designed for such situations to be certain.

    ===============
    All WWW IPs public :
    Error: At least one of your WWW IPs is not a public IP. The problem IP(s) are:

    xxx.xxx.x.xxx is not a public IP

    That means that some or all people trying to get to your web site will not be able to get there.




    I am really confused.
    What should I do?

    Please help me.

    Thanks

  2. #2
    Join Date
    Dec 2004
    Location
    Butler,TN
    Posts
    2,413
    Hi!
    It tells you what is wrong...so fix the things you can. Ok...go here to learn how to fix some of these things:

    http://www.webhostgear.com

    They have tutorials on a ton of cPanel problems..and other problems as well. It looks like you have a lot of problems there. Non-public IPs are not a problem I've seen before...I don't think there is a "quick fix" for that...how did you end up with non-public IPs? What kind of server is this? Share more info on setups..and I may be able to help.

    Bryon
    Bryon L Harvey
    Soil Relocation Engineer

  3. #3
    Join Date
    Apr 2004
    Location
    India
    Posts
    211
    You can fix these errors:

    Open DNS servers :
    ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

    Server XXX.XXX.XX.XXX reports that it will do recursive lookups. [test]
    Server XXX.XXX.XX.XXX reports that it will do recursive lookups. [test]

    You need to edit your named.conf and add "recursion no;" after directory /var/named.

    Then save this file and restart named.

    The other errors seem to indicate that your zone is not created properly or that the name servers do not match the name servers that you have with your registrar.
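
One way to confirm that the `recursion no;` change from post #3 took effect (an added example, not part of the thread): the script checks the RA (recursion available) flag in a server's reply to a query for a name outside its zones, which is the flag behind "reports that it will do recursive lookups". The function names, the `example.com` probe name and the sample headers are constructed for illustration.

```python
import socket, struct, sys

def build_query(name, txid=0x1234):
    """A-record query with RD (recursion desired) set, as a resolver client sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": ancount}

def classify(response):
    """Verdict for a reply to a query about a name the server is NOT authoritative for."""
    h = parse_header(response)
    if not h["qr"]:
        raise ValueError("not a response")
    if not h["ra"]:
        return "non-recursive"            # what "recursion no;" should produce
    if h["rcode"] == 0 and h["ancount"] > 0:
        return "recursive"                # resolved a foreign name for this client
    return "advertises-recursion"         # RA set, but this query was not answered

def probe(server, outside_name="example.com", timeout=3.0):
    """Send one UDP query to server:53 and classify the reply."""
    query = build_query(outside_name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply, _ = s.recvfrom(4096)
    if parse_header(reply)["id"] != parse_header(query)["id"]:
        raise ValueError("transaction ID mismatch")
    return classify(reply)

# Constructed 12-byte headers (no records attached), for offline illustration.
SAMPLE_BEFORE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR RD RA, NOERROR
SAMPLE_AFTER = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # QR RD, REFUSED
SAMPLE_ACL = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)     # QR RD RA, REFUSED

if __name__ == "__main__":
    for label, msg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, classify(msg))
    if len(sys.argv) > 1:                 # optional live check: script.py <server-ip>
        print(sys.argv[1], probe(sys.argv[1]))
```

Run the live check against your own nameserver from a host outside its network after restarting named, so the result reflects what an external tester sees.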
