[Asterisk-Dev] Digium CVS/DNS Issues

Wolfgang S. Rupprecht list+asterisk-dev at lists.wsrcc.com
Thu Mar 31 10:12:55 MST 2005


critch at basesys.com (Steven Critchfield) writes:
> Not a -dev question. Not a DNS issue we can fix for you as there seems
> to be no problem here. Even the fact that your email message made it out
> proves that the DNS at your mail server was able to resolve the
> addresses.

Well, there are a few errors that can be corrected...  (appended below)

-wolfgang

Cut and pasted from:
http://www.dnsreport.com/tools/dnsreport.ch?domain=digium.com

==
digium.com
==

WARNING: At least one of your nameservers did not return your NS
records (it reported 0 answers). This could be because of a referral,
if you have a lame nameserver (which would need to be fixed).

203.20.52.5 returns 0 answers (may be a referral)
64.21.79.162 returns 0 answers (may be a referral)
66.179.171.205 returns 0 answers (may be a referral)
194.196.163.7 returns 0 answers (may be a referral)

==

ERROR: You have one or more lame nameservers. These are nameservers
that do NOT answer authoritatively for your domain. This is bad; for
example, these nameservers may never get updated. The following
nameservers are lame:

203.20.52.5
64.21.79.162
66.179.171.205
216.27.184.9
194.196.163.7

==

FAIL: You have one or more missing (stealth) nameservers. The
following nameserver(s) are listed (at your nameservers) as
nameservers for your domain, but are not listed at the the parent
nameservers (therefore, they may or may not get used, depending on
whether your DNS servers return them in the authority section for
other requests, per RFC2181 5.4.1). You need to make sure that these
stealth nameservers are working; if they are not responding, you may
have serious problems! The DNS Report will not query these servers, so
you need to be very careful that they are working properly.

marko.marko.net.

This is listed as an ERROR because there are some cases where nasty
problems can occur (if the TTLs vary from the NS records at the root
servers and the NS records point to your own domain, for example). 

==

ERROR: One or more of the nameservers listed at the parent servers are
not listed as NS records at your nameservers. The problem NS records
are: bos.nameserver.net.

marko.net.
phl.nameserver.net.
rdu.nameserver.net.
sjc.nameserver.net.
sou.nameserver.net.

==

Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [e.gtld-servers.net.]!
Stealth nameservers are leaked [f.gtld-servers.net.]!
Stealth nameservers are leaked [g.gtld-servers.net.]!
Stealth nameservers are leaked [d.gtld-servers.net.]!
Stealth nameservers are leaked [b.gtld-servers.net.]!
Stealth nameservers are leaked [a.gtld-servers.net.]!
Stealth nameservers are leaked [i.gtld-servers.net.]!
Stealth nameservers are leaked [k.gtld-servers.net.]!
Stealth nameservers are leaked [j.gtld-servers.net.]!
Stealth nameservers are leaked [l.gtld-servers.net.]!
Stealth nameservers are leaked [m.gtld-servers.net.]!
Stealth nameservers are leaked [c.gtld-servers.net.]!
Stealth nameservers are leaked [h.gtld-servers.net.]!

This can cause some serious problems (especially if there is a TTL
discrepancy). If you must have stealth NS records (NS records listed
at the authoritative DNS servers, but not the parent DNS servers), you
should make sure that your DNS server does not leak the stealth NS
records in response to other queries.

==

WARNING: Your SOA (Start of Authority) record states that your master
(primary) name server is: marko.marko.net.. However, that server is
not listed at the parent servers as one of your NS records! This is
probably legal, but you should be sure that you know what you are
doing.

==

WARNING: Your SOA REFRESH interval is : 43200 seconds. This seems a
bit high. You should consider decreasing this value to about 3600-7200
seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds
(20 minutes to 12 hours, with the longer time periods used for very
slow Internet connections; 12 hours seems very high to us), and if you
are using DNS NOTIFY the refresh value is not as important (RIPE
recommends 86400 seconds if using DNS NOTIFY). This value determines
how often secondary/slave nameservers check with the master for
updates. A value that is too high will cause DNS changes to be in
limbo for a long time.

==

WARNING: You have duplicate MX records. This means that mailservers
may try delivering mail to the same IP more than once. Although
technically valid, this is very confusing, and wastes resources. The
duplicate MX records are:

digium.com.mail1.psmtp.com. and digium.com.mail2.psmtp.com. both resolve to 64.18.4.10.
digium.com.mail1.psmtp.com. and digium.com.mail3.psmtp.com. both resolve to 64.18.4.10.
digium.com.mail1.psmtp.com. and digium.com.mail4.psmtp.com. both resolve to 64.18.4.10.
digium.com.mail2.psmtp.com. and digium.com.mail3.psmtp.com. both resolve to 64.18.4.10.
digium.com.mail2.psmtp.com. and digium.com.mail4.psmtp.com. both resolve to 64.18.4.10.
digium.com.mail3.psmtp.com. and digium.com.mail4.psmtp.com. both
resolve to 64.18.4.10.

==

WARNING: One or more of your mailservers is claiming to be a host
other than what it really is (the SMTP greeting should be a 3-digit
code, followed by a space or a dash, then the host name). This
probably won't cause any harm, but is a technical violation of RFC821
4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP
greeting should have an A record pointing back to the same server.

digium.com.mail1.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 129 y6_0_1c0 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
digium.com.mail2.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 133 y6_0_1c0 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
digium.com.mail3.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 133 y6_0_1c0 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
digium.com.mail4.psmtp.com claims to be invalid hostname 'Postini':
   220 Postini ESMTP 116 y6_0_1c0 ready. CA Business and Professions
   Code Section 17538.45 forbids use of this system for unsolicited
   electronic mail advertisements. 

==
end
==



More information about the asterisk-dev mailing list