[Asterisk-Dev] Digium CVS/DNS Issues

Jerris, Michael MI mjerris at ofllc.com
Thu Mar 31 12:05:05 MST 2005 

How is this an issue for the dev list? 

-----Original Message-----
From: asterisk-dev-bounces at lists.digium.com
[mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of Wolfgang S.
Rupprecht
Sent: Thursday, March 31, 2005 12:13 PM
To: asterisk-dev at lists.digium.com
Subject: Re: [Asterisk-Dev] Digium CVS/DNS Issues


critch at basesys.com (Steven Critchfield) writes:
> Not a -dev question. Not a DNS issue we can fix for you as there seems

> to be no problem here. Even the fact that your email message made it 
> out proves that the DNS at your mail server was able to resolve the 
> addresses.

Well, there are a few errors that can be corrected...  (appended below)

-wolfgang

Cut and pasted from:
http://www.dnsreport.com/tools/dnsreport.ch?domain=digium.com

==
digium.com
==

WARNING: At least one of your nameservers did not return your NS records
(it reported 0 answers). This could be because of a referral, if you
have a lame nameserver (which would need to be fixed).

203.20.52.5 returns 0 answers (may be a referral)
64.21.79.162 returns 0 answers (may be a referral)
66.179.171.205 returns 0 answers (may be a referral)
194.196.163.7 returns 0 answers (may be a referral)

==

ERROR: You have one or more lame nameservers. These are nameservers that
do NOT answer authoritatively for your domain. This is bad; for example,
these nameservers may never get updated. The following nameservers are
lame:

203.20.52.5
64.21.79.162
66.179.171.205
216.27.184.9
194.196.163.7

==

FAIL: You have one or more missing (stealth) nameservers. The following
nameserver(s) are listed (at your nameservers) as nameservers for your
domain, but are not listed at the the parent nameservers (therefore,
they may or may not get used, depending on whether your DNS servers
return them in the authority section for other requests, per RFC2181
5.4.1). You need to make sure that these stealth nameservers are
working; if they are not responding, you may have serious problems! The
DNS Report will not query these servers, so you need to be very careful
that they are working properly.

marko.marko.net.

This is listed as an ERROR because there are some cases where nasty
problems can occur (if the TTLs vary from the NS records at the root
servers and the NS records point to your own domain, for example). 

==

ERROR: One or more of the nameservers listed at the parent servers are
not listed as NS records at your nameservers. The problem NS records
are: bos.nameserver.net.

marko.net.
phl.nameserver.net.
rdu.nameserver.net.
sjc.nameserver.net.
sou.nameserver.net.

==

Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [e.gtld-servers.net.]!
Stealth nameservers are leaked [f.gtld-servers.net.]!
Stealth nameservers are leaked [g.gtld-servers.net.]!
Stealth nameservers are leaked [d.gtld-servers.net.]!
Stealth nameservers are leaked [b.gtld-servers.net.]!
Stealth nameservers are leaked [a.gtld-servers.net.]!
Stealth nameservers are leaked [i.gtld-servers.net.]!
Stealth nameservers are leaked [k.gtld-servers.net.]!
Stealth nameservers are leaked [j.gtld-servers.net.]!
Stealth nameservers are leaked [l.gtld-servers.net.]!
Stealth nameservers are leaked [m.gtld-servers.net.]!
Stealth nameservers are leaked [c.gtld-servers.net.]!
Stealth nameservers are leaked [h.gtld-servers.net.]!

This can cause some serious problems (especially if there is a TTL
discrepancy). If you must have stealth NS records (NS records listed at
the authoritative DNS servers, but not the parent DNS servers), you
should make sure that your DNS server does not leak the stealth NS
records in response to other queries.

==

WARNING: Your SOA (Start of Authority) record states that your master
(primary) name server is: marko.marko.net.. However, that server is not
listed at the parent servers as one of your NS records! This is probably
legal, but you should be sure that you know what you are doing.

==

WARNING: Your SOA REFRESH interval is : 43200 seconds. This seems a bit
high. You should consider decreasing this value to about 3600-7200
seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds
(20 minutes to 12 hours, with the longer time periods used for very slow
Internet connections; 12 hours seems very high to us), and if you are
using DNS NOTIFY the refresh value is not as important (RIPE recommends
86400 seconds if using DNS NOTIFY). This value determines how often
secondary/slave nameservers check with the master for updates. A value
that is too high will cause DNS changes to be in limbo for a long time.

==

WARNING: You have duplicate MX records. This means that mailservers may
try delivering mail to the same IP more than once. Although technically
valid, this is very confusing, and wastes resources. The duplicate MX
records are:

digium.com.mail1.psmtp.com. and digium.com.mail2.psmtp.com. both resolve
to 64.18.4.10.
digium.com.mail1.psmtp.com. and digium.com.mail3.psmtp.com. both resolve
to 64.18.4.10.
digium.com.mail1.psmtp.com. and digium.com.mail4.psmtp.com. both resolve
to 64.18.4.10.
digium.com.mail2.psmtp.com. and digium.com.mail3.psmtp.com. both resolve
to 64.18.4.10.
digium.com.mail2.psmtp.com. and digium.com.mail4.psmtp.com. both resolve
to 64.18.4.10.
digium.com.mail3.psmtp.com. and digium.com.mail4.psmtp.com. both resolve
to 64.18.4.10.

==

WARNING: One or more of your mailservers is claiming to be a host other
than what it really is (the SMTP greeting should be a 3-digit code,
followed by a space or a dash, then the host name). This probably won't
cause any harm, but is a technical violation of RFC821
4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP
greeting should have an A record pointing back to the same server.

digium.com.mail1.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 129 y6_0_1c0 ready. CA Business and Professions
Code Section 17538.45 forbids use of this system for unsolicited
electronic mail advertisements.
digium.com.mail2.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 133 y6_0_1c0 ready. CA Business and Professions
Code Section 17538.45 forbids use of this system for unsolicited
electronic mail advertisements.
digium.com.mail3.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 133 y6_0_1c0 ready. CA Business and Professions
Code Section 17538.45 forbids use of this system for unsolicited
electronic mail advertisements.
digium.com.mail4.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 116 y6_0_1c0 ready. CA Business and Professions
   Code Section 17538.45 forbids use of this system for unsolicited
   electronic mail advertisements. 

==
end
==
_______________________________________________
Asterisk-Dev mailing list
Asterisk-Dev at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-dev
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list