dns report da sitemi sorgulattığım zaman şu hatalar çıkıyor
* hotmail , gmail gibi mail adreslerini mail atamıyorum.
FAIL
Open DNS servers
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually
means that anyone in the world can query it for domains it is not authoritative for (it is
possible that the DNS server advertises that it does recursive lookups when it does not, but
that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly
discouraged to have a DNS server be both authoritative for your domain and be recursive (even
if it is not open), due to the potential for cache poisoning (with no recursion, there is no
cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part
of an attack, by forging their IP address. Problem record(s) are:
means that anyone in the world can query it for domains it is not authoritative for (it is
possible that the DNS server advertises that it does recursive lookups when it does not, but
that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly
discouraged to have a DNS server be both authoritative for your domain and be recursive (even
if it is not open), due to the potential for cache poisoning (with no recursion, there is no
cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part
of an attack, by forging their IP address. Problem record(s) are:
Server .... reports that it will do recursive lookups. [
test]
See
this page for info on closing open DNS servers
Glue at parent nameservers
WARNING. The parent servers (I checked with ns3.nic.tr.) are not providing glue for all your
nameservers. This means that they are supplying the NS records (host.example.com), but not
supplying the A records (192.0.2.53), which can cause slightly slower connections, and may
cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable
behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as
your domain (for example, a DNS server of "ns1.example.
nameservers. This means that they are supplying the NS records (host.example.com), but not
supplying the A records (192.0.2.53), which can cause slightly slower connections, and may
cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable
behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as
your domain (for example, a DNS server of "ns1.example.
org" for the domain "example.com").
In this case, you can speed up the connections slightly by having NS records that are in the
same TLD as your domain.
In this case, you can speed up the connections slightly by having NS records that are in the
same TLD as your domain.
All nameservers respond
ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones
that did not respond are:
xxx.xxx.xxx.xxx
that did not respond are:
xxx.xxx.xxx.xxx
Note:
If you are running a Watchguard Firebox with DNS Proxy enabled, there may be a bug
causing port numbers
causing port numbers
Nameservers on separate class C's
WARNING: We cannot test to see if your nameservers are all on the same Class C
(technically, /24) range, because the root servers are not sending glue. We plan to add such a
test later, but today you will have to manually check to make sure that they are on separate
Class C ranges. Your nameservers should be at geographically dispersed locations. You should
not have all of your nameservers at the same location.
(technically, /24) range, because the root servers are not sending glue. We plan to add such a
test later, but today you will have to manually check to make sure that they are on separate
Class C ranges. Your nameservers should be at geographically dispersed locations. You should
not have all of your nameservers at the same location.
RFC2182 3.1 goes into more detail
about secondary nameserver location.
about secondary nameserver location.
Single Point of Failure
ERROR: Although you have at least 2 NS records, they both point to the same server, resulting
in a single point of failure. You are required to have at least 2 nameservers per
in a single point of failure. You are required to have at least 2 nameservers per
RFC 1035
section 2.2.
SOA Serial Number
WARNING: Your SOA serial number is:
WARNING: Your SOA serial number is:
200751014. That is OK, but the recommended format
(per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. For example, if you are making
the 3rd change on 02 May 2006, you would use 2006050203. This number must be incremented
every time you make a DNS change.
(per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. For example, if you are making
the 3rd change on 02 May 2006, you would use 2006050203. This number must be incremented
every time you make a DNS change.
Mail server host name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is
(the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host
name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail
might get blocked by anti-spam software. This is also a technical violation of
WARNING: One or more of your mailservers is claiming to be a host other than what it really is
(the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host
name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail
might get blocked by anti-spam software. This is also a technical violation of
RFC821 4.3 (and
RFC2821
4.3.1). Note that the hostname given in the SMTP greeting should have an A record
pointing back to the same server. Note that this one test may use a cached DNS record.
pointing back to the same server. Note that this one test may use a cached DNS record.
uclermarket.com.tr claims to be host mail.merakdemo.com [but that host
is at xxx.xxx.xxx.xxx (may be cached), not xxx.xxx.xxx.xxx ]. <br />
is at xxx.xxx.xxx.xxx (may be cached), not xxx.xxx.xxx.xxx ]. <br />
Mail server host
name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is
(the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host
name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail
might get blocked by anti-spam software. This is also a technical violation of
name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is
(the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host
name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail
might get blocked by anti-spam software. This is also a technical violation of
RFC821 4.3 (and
RFC2821
4.3.1). Note that the hostname given in the SMTP greeting should have an A record
pointing back to the same server. Note that this one test may use a cached DNS record.
pointing back to the same server. Note that this one test may use a cached DNS record.
xxx.com claims to be host mail.merakdemo.com [but that
