Several Questions

Barry Margolin barmar at alum.mit.edu
Mon Apr 19 21:21:31 UTC 2004


In article <c61419$2h89$1 at sf1.isc.org>,
 akennedy at exemail.com.au (Andrew) wrote:

> Hi All,
> 
>       I have run a couple of "online" DNS checking sites against my
> linux DNS server & have gotten back some "warnings" & "errors: & was
> wanting to pass them by here for a potential explanation &/or
> solution..

I assume that the domain in question is eziekiel.com, right?

> 
> I am running as a primary DNS & have secondary done by a company
> called easyDNS
> 
> replies below :-
> 
> o The name server "ns2.easydns.com." is not listed in delegation data
>     The server "ns2.easydns.com." is listed as being authoritative
>     for the zone according to the zone data, but there is no NS
>     record for that server in the delegation data.  Delegation data
>     and zone data should always match.

The registration of your domain says:

 Domain servers in listed order:
    NS.EZIEKIEL.COM   220.233.6.187
    NS1.EASYDNS.COM   216.220.40.243

But in the zone file, you have:

eziekiel.com.           86400   IN      NS      ns2.easyDNS.com.
eziekiel.com.           86400   IN      NS      remote1.easyDNS.com.
eziekiel.com.           86400   IN      NS      remote2.easyDNS.com.
eziekiel.com.           86400   IN      NS      remote3.easyDNS.com.
eziekiel.com.           86400   IN      NS      ns.eziekiel.com.
eziekiel.com.           86400   IN      NS      ns1.easyDNS.com.

You should update the registration to match this.

> 
> o All nameservers report identical NS records WARNING: 
> Your nameservers report somewhat different answers for your NS records
> (varying TTL, for example).

I'm not seeing this.  I queried all six nameservers, and they all give 
identical NS records.  

> 
> o Lame nameservers ERROR: 
> You have one or more lame nameservers. These are nameservers that do
> NOT answer authoritatively for your domain. This is bad; for example,
> these nameservers may never get updated. The following nameservers are
> lame:
> 220.233.6.187 

I'm not seeing this either.

> 
> o Missing (stealth) nameservers FAIL: 
> You have one or more missing (stealth) nameservers. The following
> nameserver(s) are listed (at your nameservers) as nameservers for your
> domain, but are not listed at the the parent nameservers (therefore,
> they may or may not get used, depending on whether your DNS servers
> return them in the authority section for other requests, per RFC2181
> 5.4.1). You need to make sure that these stealth nameservers are
> working; if they are not responding, you may have serious problems!
> The DNS Report will not query these servers, so you need to be very
> careful that they are working properly.
> remote3.easyDNS.com.ns2.easyDNS.com.remote1.easyDNS.com.remote2.easyDNS.com.
> This is listed as an ERROR because there are some cases where nasty
> problems can occur (if the TTLs vary from the NS records at the root
> servers and the NS records point to your own domain, for example).

This is the same as the first problem listed.

> 
> o No CNAMEs for domain ERROR: 
> eziekiel.com has a CNAME entry (); it is not valid to have a CNAME
> entry and NS entries for 220.233.6.187. See RFC1912 2.4 and RFC2181
> 10.3 for more information .

I'm not seeing this, either.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***


More information about the bind-users mailing list