[BlueOnyx:06225] Re: Lame Name Servers

Titus Bolton titus at antennasystems.com
Mon Jan 3 11:51:33 -05 2011 

Per request, I have attached the DNSStuff report.

We are also looking into the zone to make sure that all is configured properly.

Category	Status	Test Name	Information
Parent	PASS	Missing Direct Parent check	OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.
INFO	NS records at parent servers	Your NS records at the parent servers are:

ns1.comsiteconstruction.com. [216.132.149.46] [TTL=172800] [US]
ns2.comsiteconstruction.com. [216.132.149.47] [TTL=172800] [US]
ns3.comsiteconstruction.com. [206.135.249.30] [TTL=172800] [US]
[These were obtained from c.gtld-servers.net]
PASS	Parent nameservers have your nameservers listed	OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there.
PASS	Glue at parent nameservers	OK. The parent servers have glue for your nameservers. That means they send out the IP address of your nameservers, as well as their host names.
PASS	DNS servers have A records	OK. All your DNS servers either have A records at the zone parent servers, or do not need them (if the DNS servers are on other TLDs). A records are required for your hostnames to ensure that other DNS servers can reach your DNS servers. Note that there will be problems if your DNS servers do not have these same A records.
NS	INFO	NS records at your nameservers	Your NS records at your nameservers are:

[None of your nameservers returned your NS records; they could be down or unreachable, or could all be lame nameservers]
PASS	Open DNS servers	OK. Your DNS servers do not announce that they are open DNS servers. Although there is a slight chance that they really are open DNS servers, this is very unlikely. Open DNS servers increase the chances that of cache poisoning, can degrade performance of your DNS, and can cause your DNS servers to be used in an attack (so it is good that your DNS servers do not appear to be open DNS servers).
PASS	Mismatched glue	OK. The DNS report did not detect any discrepancies between the glue provided by the parent servers and that provided by your authoritative DNS servers.
PASS	No NS A records at nameservers	OK. Your nameservers do include corresponding A records when asked for your NS records. This ensures that your DNS servers know the A records corresponding to all your NS records.
WARN	All nameservers report identical NS records	WARNING: At least one of your nameservers did not return your NS records (it reported 0 answers). This could be because of a referral, if you have a lame nameserver (which would need to be fixed).

216.132.149.46 returns 0 answers (may be a referral)
216.132.149.47 returns 0 answers (may be a referral)
206.135.249.30 returns 0 answers (may be a referral)
PASS	All nameservers respond	OK. All of your nameservers listed at the parent nameservers responded.
PASS	Nameserver name validity	OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).
PASS	Number of nameservers	OK. You have 3 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.
FAIL	Lame nameservers	ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame: 
216.132.149.46
216.132.149.47
206.135.249.30
PASS	Missing (stealth) nameservers	OK. All 0 of your nameservers (as reported by your nameservers) are also listed at the parent servers.
FAIL	Missing nameservers 2	ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.comsiteconstruction.com.
ns2.comsiteconstruction.com.
ns3.comsiteconstruction.com.
PASS	No CNAMEs for domain	OK. There are no CNAMEs for comsiteconstruction.com. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
PASS	No NSs with CNAMEs	OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
PASS	Nameservers on separate class C's	OK. You have nameservers on different Class C (technically, /24) IP ranges. You must have nameservers at geographically and topologically dispersed locations. RFC2182 3.1 goes into more detail about secondary nameserver location.
PASS	All NS IPs public	OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.
PASS	TCP Allowed	OK. All your DNS servers allow TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems.
INFO	Nameservers versions	Your nameservers have the following versions:

216.132.149.46: "100.100.100"
216.132.149.47: "100.100.100"
206.135.249.30: "100.100.100"
PASS	Stealth NS record leakage	Your DNS servers do not leak any stealth NS records (if any) in non-NS requests.
SOA	FAIL	SOA Record	No valid SOA record came back:
is not comsiteconstruction.com.


Kind regards,

Titus Bolton
Antenna Systems & Solutions, Inc.
931 Albion Avenue
Schaumburg, Illinois 60193-4550
United States of America
Phone: +1-847-584-1000   Fax: +1-847-584-9951
http://www.antennasystems.com
 
GSA Contract Number: GS-35F-0479T        
Electronic Counter Measures, Trap and Trace Devices, and accessories.
 
Watch our network broadcast television interviews on www.youtube.com/antennasystems
  
Confidentiality note:   
This message is the property of Antenna Systems & Solutions, Inc. and contains information which may be privileged or confidential.  It is meant only for the intended recipients and/or their authorized agents.  If you believe you have received this message in error, please notify us immediately by return e-mail and destroy any printed or electronic copies of this message.  Any unauthorized use, dissemination, disclosure, or copying of this message or the information contained in it, is strictly prohibited and may be unlawful.   Thank you for your cooperation.




On Jan 3, 2011, at 9:37 AM, Chris Gebhardt - VIRTBIZ Internet wrote:

> Titus Bolton wrote:
>> First and foremost, hello all and Snappy Snew Year.
>> 
>> Has anyone had any problems with lame name servers on BQ/BO?
>> 
>> If anyone has had experience in resolving this type of issue I would 
>> love to hear about it.  I can provide information needed.  One of the 
>> domains that we're having issues with is comsiteconstruction.com 
>> <http://comsiteconstruction.com>
>> 
>> From DNSStuff we're getting these three failures:
>> Lame Nameservers (they don't answer authoritatively for the domain)
>> 
>> Missing Nameservers 2
>> ns1.comsiteconstruction.com <http://ns1.comsiteconstruction.com>
>> ns2.comsiteconstruction.com <http://ns2.comsiteconstruction.com>
>> ns3.comsiteconstruction.com <http://ns3.comsiteconstruction.com>
>> 
>> SOA Record: No valid SOA came back.
> 
> Sounds to me like you don't have the DNS zone set correctly.   Make sure 
> you have the domain configured in DNS and you have the SOA correctly set 
> with the primary and secondary nameserver fields filled out.
> -- 
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated
> www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110103/58d3d2c7/attachment.html>

More information about the Blueonyx mailing list