
Example of some DNS research


Wazoo


Results the day of this posting (some coloration did not make the transition)

http://www.dnsstuff.com/tools/dnstime.ch?n...ndas.org&type=A

<HTML><HEAD><TITLE>DNS Time</TITLE></HEAD><BODY BGCOLOR="#FFFFFF">

<CENTER><H2>Time to look up www.promovendas.org A record</H2><H5>Generated by <A HREF="http://www.DNSstuff.com">www.DNSstuff.com</A> at 03:27:30 GMT on 15 May 2005.</H5></CENTER>

</TABLE>

<PRE>

Searching for www.promovendas.org A record at i.root-servers.net Got referral to TLD6.ULTRADNS.CO.UK. [took 29 ms]

Searching for www.promovendas.org A record at TLD6.ULTRADNS.CO.UK. Got referral to ns3.pontonews.net. [took 10 ms]

[Had to look up A record for ns3.pontonews.net.; assume 200ms]

Searching for www.promovendas.org A record at ns3.pontonews.net. Reports an answer.

Record is:

<TABLE BORDER>

<TR><TH>Domain</TH><TH>Type</TH><TH>Class</TH><TH>TTL</TH><TH>Answer</TH></TR>

<TR><TD>www.promovendas.org.</TD><TD>CNAME</TD><TD>IN</TD><TD>1800</TD><TD>promovendas.org.</TD></TR>

<TR><TD>promovendas.org.</TD><TD>A</TD><TD>IN</TD><TD>1800</TD><TD><A HREF="http://www.DNSstuff.com/tools/whois.ch?ip=200.223.52.21">200.223.52.21</A></TD></TR>

<TR BGCOLOR="#CCCCCC"><TD>promovendas.org.</TD><TD>NS</TD><TD>IN</TD><TD>1800</TD><TD>ns1.dialserver.com.br.</TD></TR>

<TR BGCOLOR="#CCCCCC"><TD>promovendas.org.</TD><TD>NS</TD><TD>IN</TD><TD>1800</TD><TD>ns2.dialserver.com.br.</TD></TR>

<TR BGCOLOR="#EEEEEE"><TD>ns1.dialserver.com.br.</TD><TD>A</TD><TD>IN</TD><TD>30</TD><TD>200.223.52.18</TD></TR>

<TR BGCOLOR="#EEEEEE"><TD>ns2.dialserver.com.br.</TD><TD>A</TD><TD>IN</TD><TD>30</TD><TD>200.223.52.19</TD></TR>

</TABLE>

Looking up at ns4.pontonews.net.... [Had to look up A record for ns4.pontonews.net; assume +200ms]...Reports 2 A record(s). 5963ms.

Looking up at ns3.pontonews.net.... [Had to look up A record for ns3.pontonews.net; assume +200ms]...Reports 2 A record(s). 405ms.

Average of all 2 nameservers: <B>3184ms</B> (plus 239ms overhead).

<FONT SIZE=+2>Score: </FONT><FONT SIZE=+3 COLOR=RED><B>F</B></FONT>

Took off 3 points for ".org" TLD (extra lookups may be required to find the parent servers).

Took off 8 points for having no glue at a parent server [adds 2 extra packets to lookup].

Took off 6 points for having no glue for ns4.pontonews.net [adds 2 extra packets to lookup].

Took off 2 points since ns4.pontonews.net allows recursive lookups (if lots of people are using the server, it can slow down).

Took off 6 points for having no glue for ns3.pontonews.net [adds 2 extra packets to lookup].

Took off 2 points since ns3.pontonews.net allows recursive lookups (if lots of people are using the server, it can slow down).

Took off 3 points for having a CNAME (www.promovendas.org is really promovendas.org., which could potentially cause extra lookups).

Took off 25 points for >700ms average response time.

</PRE>Note: The 239ms overhead is the time it takes to get your NS records from the parent servers, and indicates a worst-case scenario (normally, the resolving DNS server would have the common parent server entries cached, and would know the parent server(s) that were responding most quickly).

The best times since the last time this web server was last restarted are: <B>3ms</B> average response, plus <B>30ms</B> overhead.

Note that these times are from a server located in the United States; if most of the people using your DNS are outside of the United States, your actual results may be better than what is shown here.

A rating of 'B' or higher is generally good. This tool is designed to make an educated guess about speed, and to point out potential factors that may reduce the DNS speed, and it is not perfect.<BR><BR>

<B>Note: If your results seem poor, it is most likely due to the 'no glue' issue. Do </B><I>not</I><B> blame your DNS hosting company. If you change your NS records to be ones on the </B>.org<B> TLD, it will fix this problem. This problem </B><I>only</I><B> affects the speed of initial DNS lookups on your domain.</B><BR>

</PRE>

<BR><BR><HR><CENTER><H6>© Copyright 2000-2005 R. Scott Perry</H6></CENTER>

</BODY></HTML>

Results the day of posting (some coloration did not make the transition)

http://www.dnsreport.com/tools/dnsreport.c...promovendas.org

<HTML><HEAD><TITLE>DNS Report</TITLE></HEAD><BODY BGCOLOR="#FFFFFF">

<CENTER><H1>DNS Report for promovendas.org</H1><H5>Generated by <A HREF="http://www.DNSreport.com">www.DNSreport.com</A> at 03:29:40 GMT on 15 May 2005.</H5></CENTER>

<TABLE BORDER WIDTH="90%" ALIGN=CENTER CELLPADDING=2><TR><TH WIDTH="10%" BGCOLOR="#dddddd" ALIGN=CENTER>Category</TH><TH WIDTH="10%" BGCOLOR="#dddddd" ALIGN=CENTER>Status</TH><TH WIDTH="15%" BGCOLOR="#dddddd" ALIGN=CENTER>Test Name</TH><TH BGCOLOR="#dddddd" ALIGN=CENTER>Information</TH></TR>

<TR><TD ROWSPAN=4 WIDTH="10%">Parent</TD> <TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Missing Direct Parent check</TD><TD>OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=BLACK><B>INFO</B></FONT></TD><TD WIDTH="15%">NS records at parent servers</TD><TD>Your NS records at the parent servers are:<BR><PRE>ns4.pontonews.net. [200.223.52.19 (NO GLUE)] [bR]

ns3.pontonews.net. [NO GLUE; No A record]

</PRE>[These were obtained from tld5.ultradns.info]</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Parent nameservers have your nameservers listed</TD><TD>OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="YELLOW"><FONT COLOR=BLACK><B>WARN</B></FONT></TD><TD WIDTH="15%">Glue at parent nameservers</TD><TD>WARNING. The parent servers (I checked with tld5.ultradns.info.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.<B>org</B>" for the domain "example.<B>com</B>"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.</TD></TR>

</TABLE>

<TABLE BORDER WIDTH="90%" ALIGN=CENTER CELLPADDING=2><TR><TD ROWSPAN=17 WIDTH="10%">NS</TD> <TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=BLACK><B>INFO</B></FONT></TD><TD WIDTH="15%">NS records at your nameservers</TD><TD>Your NS records at your nameservers are:<BR><PRE>ns2.dialserver.com.br.[200.223.52.19] [TTL=1800]

ns1.dialserver.com.br.[200.223.52.18] [TTL=1800]

</PRE>

</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Mismatched glue</TD><TD>OK. The DNS report did not detect any discrepancies between the glue provided by the parent servers and that provided by your authoritative DNS servers.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">No glue at nameservers</TD><TD>OK. Your nameservers do include glue records when asked for your NS records. This ensures that your DNS servers know the A records corresponding to all your NS records.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">All nameservers report identical NS records</TD><TD>OK. The NS records at all your nameservers are identical. <!-- ret=2 --></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">All nameservers respond</TD><TD>OK. All of your nameservers listed at the parent nameservers responded.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Nameserver name validity</TD><TD>OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Number of nameservers</TD><TD>OK. You have 2 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Lame nameservers</TD><TD>OK. All the nameservers listed at the parent servers answer authoritatively for your domain.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="RED"><B>FAIL</B></TD><TD WIDTH="15%"><FONT COLOR=BLACK><B>Missing (stealth) nameservers</B></FONT></TD><TD>FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.<BR><PRE>ns2.dialserver.com.br.<BR>ns1.dialserver.com.br.<BR></PRE>This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Missing nameservers 2</TD><TD>OK. All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">No CNAMEs for domain</TD><TD>OK. There are no CNAMEs for promovendas.org. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. Note that I only checked promovendas.org, I did not check the NS records, which should not have CNAMEs either.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">No NSs with CNAMEs</TD><TD>OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="YELLOW"><FONT COLOR=BLACK><B>WARN</B></FONT></TD><TD WIDTH="15%">Nameservers on separate class C's</TD><TD>WARNING: We cannot test to see if your nameservers are all on the same Class C (technically, /24) range, because the root servers are not sending glue. We plan to add such a test later, but today you will have to manually check to make sure that they are on separate Class C ranges. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">All NS IPs public</TD><TD>OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=BLACK><B>INFO</B></FONT></TD><TD WIDTH="15%">Nameservers versions</TD><TD>Your nameservers have the following versions:<BR><BR>-->200.223.52.19: "9.2.1"<BR></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="RED"><B>FAIL</B></TD><TD WIDTH="15%"><FONT COLOR=BLACK><B>Stealth NS record leakage</B></FONT></TD><TD>Your DNS servers leak stealth information in non-NS requests:<BR><BR>Stealth nameservers are leaked [ns1.dialserver.com.br.]!<BR>Stealth nameservers are leaked [ns2.dialserver.com.br.]!<BR><BR>This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.</TD></TR>

<TABLE BORDER WIDTH="90%" ALIGN=CENTER CELLPADDING=2><TR><TD ROWSPAN=9 WIDTH="10%">SOA</TD> <TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=BLACK><B>INFO</B></FONT></TD><TD WIDTH="15%">SOA record</TD><TD>Your SOA record [TTL=1800] is:<PRE>

Primary nameserver: promovendas.org.

Hostmaster E-mail address: promovendas.mail.promovendas.org.

Serial #: 2004122101

Refresh: 3600

Retry: 3600

Expire: 3600

Default TTL: 1800</PRE>

</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">NS agreement on SOA serial #</TD><TD>OK. All your nameservers agree that your SOA serial number is 2004122101. That means that all your nameservers are using the same data (unless you have different sets of data with the same serial number, which would be very bad)! Note that the DNS Report only checks the NS records listed at the parent servers (not any stealth servers).<BR></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="YELLOW"><FONT COLOR=BLACK><B>WARN</B></FONT></TD><TD WIDTH="15%">SOA MNAME Check</TD><TD>WARNING: Your SOA (Start of Authority) record states that your <B>master</B> (primary) name server is: <B>promovendas.org.</B>. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.

</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">SOA RNAME Check</TD><TD>OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: <B>promovendas[at]mail.promovendas.org.</B> (techie note: we have changed the initial '.' to an '[at]' for display purposes).

</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">SOA Serial Number</TD><TD>OK. Your SOA serial number is: <B>2004122101</B>. This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2000, you would use 2000050203. This number <B>must</B> be incremented every time you make a DNS change.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">SOA REFRESH value</TD><TD>OK. Your SOA REFRESH interval is : <B>3600 seconds</B>. This seems normal (about 3600-7200 seconds is good if not using DNS NOTIFY; RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours)). This value determines how often secondary/slave nameservers check with the master for updates.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">SOA RETRY value</TD><TD>OK. Your SOA RETRY interval is : <B>3600 seconds</B>. This seems normal (about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="RED"><B>FAIL</B></TD><TD WIDTH="15%"><FONT COLOR=BLACK><B>SOA EXPIRE value</B></FONT></TD><TD>WARNING: Your SOA EXPIRE time is : <B>3600 seconds</B>. This seems <B>very</B> low. You should consider increasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver. </TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">SOA MINIMUM TTL value</TD><TD>OK. Your SOA MINIMUM TTL is: <B>1800 seconds</B>. This seems normal (about 3,600 to 86400 seconds or 1-24 hours is good). RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.</TD></TR>

</TABLE>

<TABLE BORDER WIDTH="90%" ALIGN=CENTER CELLPADDING=2><TR><TD ROWSPAN=10 WIDTH="10%">MX</TD> <TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=BLACK><B>INFO</B></FONT></TD><TD WIDTH="15%">MX Record</TD><TD>Your 2 MX records are:<BR>0 mail.promovendas.org. [TTL=1800] IP=200.223.52.19 [CNAME] [bR]<BR>10 smtp.promovendas.org. [TTL=1800] IP=200.223.52.19 [CNAME] [bR]<BR></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Invalid characters</TD><TD>OK. All of your MX records appear to use valid hostnames, without any invalid characters.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">All MX IPs public</TD><TD>OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="YELLOW"><FONT COLOR=BLACK><B>WARN</B></FONT></TD><TD WIDTH="15%">MX records are not CNAMEs</TD><TD>WARNING: When I looked up your MX record, your DNS server returned a CNAME. This is an unusual situation, and I can't handle it -- the following MX tests may not work properly. The problem is:<BR>mail.promovendas.org.->mail1.dialserver.com.br.<BR>smtp.promovendas.org.->smtp1.dialserver.com.br.<BR></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="YELLOW"><FONT COLOR=BLACK><B>WARN</B></FONT></TD><TD WIDTH="15%">MX A lookups have no CNAMEs</TD><TD>WARNING: One or more of your MX records did not return an A record; most likely, they have a CNAME. CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3. The problem MX records are:<BR>mail.promovendas.org.->mail1.dialserver.com.br.->200.223.52.19<BR>smtp.promovendas.org.->smtp1.dialserver.com.br.->200.223.52.19<BR></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">MX is host name, not IP</TD><TD>OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Multiple MX records</TD><TD>OK. You have multiple MX records. This means that if one is down or unreachable, the other(s) will be able to accept mail for you.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Differing MX-A records</TD><TD>OK. I did not detect differing IPs for your MX records.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="RED"><B>FAIL</B></TD><TD WIDTH="15%"><FONT COLOR=BLACK><B>Duplicate MX records</B></FONT></TD><TD>WARNING: You have duplicate MX records. This means that mailservers may try delivering mail to the same IP more than once. Although technically valid, this is very confusing, and wastes resources. The duplicate MX records are:<BR><BR>mail.promovendas.org. and smtp.promovendas.org. both resolve to 200.223.52.19.<BR></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Reverse DNS entries for MX records</TD><TD>OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is <I>cached</I>, so if you changed it recently, it will not be reflected here (see the <A HREF="http://www.dnsstuff.com">www.DNSstuff.com Reverse DNS Tool</A> for the current data). The reverse DNS entries are:<BR><PRE>

19.52.223.200.in-addr.arpa <A HREF="http://www.dnsstuff.com/tools/ptr.ch?ip=200.223.52.19">ns2.dialserver.com.br.</A> [TTL=43200] <!-- 0 PTR -->

19.52.223.200.in-addr.arpa <A HREF="http://www.dnsstuff.com/tools/ptr.ch?ip=200.223.52.19">ns2.dialserver.com.br.</A> [TTL=43200] <!-- 0 PTR -->

</PRE>

</TD></TR>

</TABLE>

<TABLE BORDER WIDTH="90%" ALIGN=CENTER CELLPADDING=2><TR><TD ROWSPAN=8 WIDTH="10%">Mail</TD> <TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Connect to mail servers</TD><TD>OK: I was able to connect to all of your mailservers.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Mail server host name in greeting</TD><TD>OK: All of your mailservers have their host name in the greeting:<BR><BR><FONT FACE="courier new" SIZE=-1>mail.promovendas.org:<BR>    220 <B>linux3.dialserver.com.br</B> ESMTP

<BR>smtp.promovendas.org:<BR>    220 <B>linux3.dialserver.com.br</B> ESMTP

<BR></FONT></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Acceptance of NULL <> sender</TD><TD>OK: All of your mailservers accept mail from "<>". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Acceptance of postmaster address</TD><TD>OK: All of your mailservers accept mail to postmaster[at]promovendas.org (as required by RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1).</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Acceptance of abuse address</TD><TD>OK: All of your mailservers accept mail to abuse[at]promovendas.org.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=BLACK><B>INFO</B></FONT></TD><TD WIDTH="15%">Acceptance of domain literals</TD><TD>WARNING: One or more of your mailservers does not accept mail in the domain literal format (user[at][0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted (mailservers at many common large domains have this problem).<BR>

<PRE>mail.promovendas.org's postmaster[at][200.223.52.19] response:

>>> RCPT TO:<postmaster[at][200.223.52.19]>

<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

smtp.promovendas.org's postmaster[at][200.223.52.19] response:

>>> RCPT TO:<postmaster[at][200.223.52.19]>

<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

</PRE></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">Open relay test</TD><TD>OK: All of your mailservers appear to be closed to relaying. This is <I>not</I> a thorough check, you can get a thorough one <A HREF="http://www.abuse.net/relay.html">here</A>.<BR>mail.promovendas.org OK: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

<BR>smtp.promovendas.org OK: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

<BR></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER BGCOLOR="YELLOW"><FONT COLOR=BLACK><B>WARN</B></FONT></TD><TD WIDTH="15%">SPF record</TD><TD>Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to <A HREF="http://spf.pobox.com">add an SPF record</A> ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004). </TD></TR>

</TABLE>

<TABLE BORDER WIDTH="90%" ALIGN=CENTER CELLPADDING=2><TR><TD ROWSPAN=3 WIDTH="10%">WWW</TD> <TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=BLACK><B>INFO</B></FONT></TD><TD WIDTH="15%">WWW Record</TD><TD>Your www.promovendas.org A record is:<BR><PRE>www.promovendas.org. CNAME promovendas.org. [TTL=1800]

promovendas.org. A 200.223.52.21 [TTL=1800] [bR]

<!-- NO: type=A name1=promovendas.org. --></PRE></TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">All WWW IPs public</TD><TD>OK. All of your WWW IPs appear to be public IPs. If there were any private IPs, they would not be reachable, causing problems reaching your web site.</TD></TR>

<TR><TD WIDTH="10%" ALIGN=CENTER><FONT COLOR=GREEN><B>PASS</B></FONT></TD><TD WIDTH="15%">CNAME Lookup</TD><TD>OK. You do have a CNAME record for www.promovendas.org, which can cause some confusion. However, this is legal. Your CNAME entry also returns the A record for the CNAME entry, which is good -- otherwise, it would require an extra DNS lookup, which slightly delays the initial access to the website and use extra bandwidth. Note that if the CNAME points to another CNAME, it will likely cause problems.</TD></TR>

</TABLE>

<BR><BR>Legend:<BR>

<UL>

<LI>Rows with a <FONT COLOR="RED">FAIL</FONT> indicate a problem that in most cases really should be fixed.

<LI>Rows with a <FONT COLOR="YELLOW">WARN</FONT> indicate a possible minor problem, which often is not worth pursuing.

<BR><LI>Note that all information is accessed in real-time (except where noted), so this is the freshest information about your domain.</UL>

<BR><BR><HR><CENTER><H6>© Copyright 2000-2005 R. Scott Perry</H6></CENTER>

</BODY></HTML>

From: R. Scott Perry <xxxx <at> dnsstuff.com>

To: Wazoo

Date: May 15, 2005 4:27 PM

Subject: Re: use of a "screenshot"

You are welcome to allow the posting to remain. Just so long as the
appropriate www.dnsstuff.com/www.dnsreport.com site is credited
(as is the case here), there is no problem.

-Scott
