Accuracy of DNSStuff reports

Tom Diehl tdiehl at
Wed Nov 29 14:02:50 UTC 2006

On Wed, 29 Nov 2006, Andy Shellam (Mailing Lists) wrote:

> Res wrote:
>> Point taken, and thinking about it, I agree, and maybe the person related
>> to DNSReports monitoring this thread could change this to reflect a WARN
>> or offer another point of view as to why they prefer FAIL.
> Hear, hear.
> Although, on DNS Report, it does say "A FAIL record indicates a problem
> that really should be fixed", whereas a WARN is a "configuration issue
> that is often not worth pursuing."
> Personally, I think it's down to the sysadmin's policy really, and that
> yes DNS Report should downgrade it to WARN, as it doesn't indicate a DNS
> zone is liable to fail.
> Also, can anyone clarify how the "Single Point of Failure" test is
> worked out?  For example on my domain:
>, it reports a
> WARN on this test, saying that 1 of it's 2 tests cannot work out if my
> nameservers are on different class C IPs - which they are,
> and  Why is the test failing?  I know it's not a problem
> as I know the servers are in different physical locations, I just like
> to have a full PASS :-)

It is IMO a bogus test. The fact that I have the same type of firewalls
in 2 geographically diverse locations gives me the same warnings.

Go to and search for
"Single Point of Failure" for more info on what they are doing.

Even with its flaws it is still a very useful site. You just need to understand
how to interpret the results.


Tom Diehl		tdiehl at		Spamtrap address mtd123 at

More information about the bind-users mailing list