[NCLUG] ns errors

Matt rosing at peakfive.com
Fri Jul 6 11:29:44 MDT 2007


Hi,

I found a site to check my server (www.dnsstuff.com) and it offers a
free check for things like open relays and whatnot. A couple of
NS errors it found are shown below. I'm using no-ip.com to point to my
machine (I have a dynamic IP). Are these really problems and is there
a way to get more info about them? Also, are these problems something
I'm doing wrong or do I need to talk to no-ip?

Thanks,

Matt


1) FAIL: You have one or more missing (stealth) nameservers. 

  The following nameserver(s) are listed (at your nameservers) as
  nameservers for your domain, but are not listed at the parent
  nameservers (therefore, they may or may not get used, depending on
  whether your DNS servers return them in the authority section for
  other requests, per RFC2181 5.4.1). You need to make sure that these
  stealth nameservers are working; if they are not responding, you may
  have serious problems! The DNSreport will not query these servers, so
  you need to be very careful that they are working properly. 
  
  ns4.no-ip.com.
  ns5.no-ip.com.
  This is listed as an ERROR because there are some cases where nasty
  problems can occur (if the TTLs vary from the NS records at the root
  servers and the NS records point to your own domain, for example). 

2) WARNING: Although you have at least 2 NS records, they may both point
  to the same server (one of our two tests shows them being the same,
  the other does not), which would result in a single point of
  failure. You are required to have at least 2 nameservers per RFC 1035
  section 2.2. 

3) Your DNS servers leak stealth information in non-NS requests:

  Stealth nameservers are leaked [ns4.no-ip.com.]!
  Stealth nameservers are leaked [ns5.no-ip.com.]!
  
  This can cause some serious problems (especially if there is a TTL
  discrepancy). If you must have stealth NS records (NS records listed
  at the authoritative DNS servers, but not the parent DNS servers), you
  should make sure that your DNS server does not leak the stealth NS
  records in response to other queries.
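
The comparison behind the report items above, as an added example that is not part of the original post or of the DNSreport tool: it takes the NS set the parent zone delegates to, the NS set the zone's own servers return, and the addresses of those servers, then flags stealth entries, TTL differences and delegated names that share one address. All zone names, TTLs and addresses are constructed (reserved `.test` names, RFC 5737 addresses) and are written in the layout of `dig` answer lines.

```python
# Added example. Every record below is constructed (reserved .test names,
# RFC 5737 addresses); in practice these would come from dig output.
from collections import defaultdict

PARENT_NS = """
example.test. 172800 IN NS ns1.dnshost.test.
example.test. 172800 IN NS ns2.dnshost.test.
"""
CHILD_NS = """
example.test. 86400 IN NS ns1.dnshost.test.
example.test. 86400 IN NS ns2.dnshost.test.
example.test. 86400 IN NS ns4.dnshost.test.
example.test. 86400 IN NS ns5.dnshost.test.
"""
NS_ADDRS = """
ns1.dnshost.test. 3600 IN A 192.0.2.10
ns2.dnshost.test. 3600 IN A 192.0.2.10
ns4.dnshost.test. 3600 IN A 198.51.100.4
ns5.dnshost.test. 3600 IN A 198.51.100.5
"""

def records(text, rtype):
    """Yield (owner, ttl, rdata) for records of rtype in dig-style lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and not f[0].startswith(";") and f[3].upper() == rtype:
            yield f[0].lower(), int(f[1]), f[4].lower()

def audit_delegation(parent_text, child_text, addr_text):
    parent = {rd: ttl for _, ttl, rd in records(parent_text, "NS")}
    child = {rd: ttl for _, ttl, rd in records(child_text, "NS")}
    by_ip = defaultdict(list)
    for owner, _, ip in records(addr_text, "A"):
        if owner in parent:          # only delegated servers count for redundancy
            by_ip[ip].append(owner)
    return {
        # served by the zone but absent from the parent: "stealth" (report item 1)
        "stealth": sorted(child.keys() - parent.keys()),
        # delegated by the parent but not claimed by the zone itself
        "parent_only": sorted(parent.keys() - child.keys()),
        # same NS name, different TTL at parent and child (the TTL discrepancy)
        "ttl_mismatch": sorted(n for n in parent.keys() & child.keys()
                               if parent[n] != child[n]),
        # several delegated NS names on one address: single point of failure (item 2)
        "shared_address": {ip: sorted(ns) for ip, ns in by_ip.items() if len(ns) > 1},
    }

if __name__ == "__main__":
    for check, result in audit_delegation(PARENT_NS, CHILD_NS, NS_ADDRS).items():
        print(f"{check}: {result}")
```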