Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 1st December 2006, 04:51
cybereatl cybereatl is offline
Senior Member
Join Date: Jan 2006
Posts: 255
Thanks: 6
Thanked 2 Times in 2 Posts
Send a message via Yahoo to cybereatl
Default ISPConfig box and DNSstuff.com report

Hi folks,

I have checked a domain name on my ISPConfig server on a portal refered by a hosting company and I've find out there is 8 issues:

1. Open DNS servers: ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server xxx.xx.xxx.204 reports that it will do recursive lookups. [test] Server xxx.xx.xxx.204 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers.

2. Nameserver name validity ERROR: One or more of the NS records that your nameservers report are invalid:
xxx.xx.xxx.204. is not a valid host name (it must be a host name, not an IP address)

3. Number of nameservers ERROR: You have 2 nameservers, but both are on the same IP! This is not a valid setup. You are required to have at least 2 nameservers, per RFC 1035 section 2.2.

4. Missing (stealth) nameservers FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.xxx.xx.xxx.204.

This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

5. Missing nameservers 2 ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:

6. Stealth NS record leakage Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [xxx.xx.xxx.204.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.

7. MX Category ERROR: I couldn't find any MX records for asesoriasit.net. If you want to receive E-mail on this domain, you should have MX record(s). Without any MX records, mailservers should attempt to deliver mail to the A record for asesoriasit.net. I can't continue in a case like this, so I'm assuming you don't receive mail on this domain.

8. Connect to mail servers ERROR: I could not find any mailservers for domain.net.

please let me know some hints, that doesn't mean server is not working, all features and running just fine, just concern about those results.

Kind regards,
Eli Acevedo
Reply With Quote
Sponsored Links
Old 1st December 2006, 13:02
till till is online now
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,037
Thanks: 841
Thanked 5,659 Times in 4,466 Posts

1) http://www.howtoforge.com/forums/sho...86&postcount=2
2) Make sure you use a domain (fqdn) and not a IP address as nemserver.
3) No problem.

Correct 2) and most of the other problems will disappear too.

7) Create a MX record for the domain. make sure you leave the hostname field empty.
8) is solved when 7 is solved.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Old 1st December 2006, 13:32
edge edge is offline
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,045
Thanks: 270
Thanked 154 Times in 133 Posts

Question: Why are you masking your IP, but still showing your domain name at point 7?
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 22:48.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.