Tekil Mesaj gösterimi - dns hataları

Konu dns hataları

06-08-2009, 06:33:56

#2

Ni-Osman

Kurumsal PLUS

Dnsstuff dan rapor çıkarttım verdiğin alan adı için.. Yapman gerekenleri de alt kısma kopyaladım.. İlgili URL adreslerini kullanarak hatalar veya düzenlemelerle ilgili dokümanlara ulaşabilirsin.

Alıntı

FAIL
Open DNS servers
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server 212.175.84.136 reports that it will do recursive lookups. [test] Server 212.175.84.137 reports that it will do recursive lookups. [test]
See this page for info on closing open DNS servers.

-------------------------

FAIL
Missing (stealth) nameservers
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNSreport will not query these servers, so you need to be very careful that they are working properly.

ns.urunrehberi.com.

This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

------------------------------------------

FAIL
Missing nameservers 2
ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns5.webadam.com.
ns6.webadam.com.

-------------------------------------------

WARN
Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers) are in the same Class C (technically, /24) address space, which means that they are probably at the same physical location. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.

---------------------------------------------------

FAIL
Stealth NS record leakage
Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [ns.urunrehberi.com.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.

-------------------------------------------

WARN
SOA MNAME CheckWARNING:
Your SOA (Start of Authority) record states that your master (primary) name server is: ns.urunrehberi.com.. However, that server is not listed at the parent servers as one of your NS records! This is legal, but you should be sure that you know what you are doing.

--------------------------------------------

WARN
Mail server host name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mail.urunrehberi.com claims to be non-existent host WEBADAM.home: 220 WEBADAM.home ESMTP MailEnable Service, Version: 1.986-- ready at 08/06/09 06:28:24 

----------------------------------------

FAILAcceptance of postmaster addressERROR: One or more of your mailservers does not accept mail to postmaster@urunrehberi.com. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.

mail.urunrehberi.com's postmaster response: >>> RCPT TO:<postmaster@urunrehberi.com> <<< 550 Requested action not taken: mailbox unavailable or not local 

------------------------------------------------------

WARN
Acceptance of abuse address
WARNING: One or more of your mailservers does not accept mail to abuse@urunrehberi.com. Mailservers are expected by RFC2142 to accept mail to abuse.

mail.urunrehberi.com's abuse response: >>> RCPT TO:<abuse@urunrehberi.com> <<< 550 Requested action not taken: mailbox unavailable or not local 

-----------------------------------------------------

WARN
SPF record
Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).