Accuracy of DNSStuff reports
tdiehl at rogueind.com
Wed Nov 29 14:02:50 UTC 2006
On Wed, 29 Nov 2006, Andy Shellam (Mailing Lists) wrote:
> Res wrote:
>> Point taken, and thinking about it, I agree, and maybe the person related
>> to DNSReports monitoring this thread could change this to reflect a WARN
>> or offer another point of view as to why they prefer FAIL.
> Hear, hear.
> Although, on DNS Report, it does say "A FAIL record indicates a problem
> that really should be fixed", whereas a WARN is a "configuration issue
> that is often not worth pursuing."
> Personally, I think it's down to the sysadmin's policy really, and that
> yes DNS Report should downgrade it to WARN, as it doesn't indicate a DNS
> zone is liable to fail.
> Also, can anyone clarify how the "Single Point of Failure" test is
> worked out? For example on my domain:
> www.dnsstuff.com/tools/dnsreport.ch?domain=www.andycc.net, it reports a
> WARN on this test, saying that 1 of it's 2 tests cannot work out if my
> nameservers are on different class C IPs - which they are, 18.104.22.168
> and 22.214.171.124. Why is the test failing? I know it's not a problem
> as I know the servers are in different physical locations, I just like
> to have a full PASS :-)
It is IMO a bogus test. The fact that I have the same type of firewalls
in 2 geographically diverse locations gives me the same warnings.
Go to http://www.dnsstuff.com/pages/forums.htm and search for
"Single Point of Failure" for more info on what they are doing.
Even with its flaws it is still a very useful site. You just need to understand
how to interpret the results.
Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com
More information about the bind-users