PDA

View Full Version : DNS Check failures on a 'great host', now what?


gemini181
May 14th, 2006, 11:44
Hi,

I have a new host who seems really great in many ways, but I'm still not sure I should put anything important there.

The best part: The server memory usage stays around 27% and the cpu load is very low also.

The question for this post: The DNS report shows several failures. Are they serious? Enough to 'ruin' a great host?

Thank you very much.

FAILOpen DNS serversERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are: Server ****

%%%%%%%%%%

Also...

FAILMissing (stealth) nameservers

FAILStealth NS record leakage
Tree
May 14th, 2006, 11:52
Who's the host? If you'd rather it not be public, PM me and I may have some insight as to why, or who you can contact.
gemini181
May 14th, 2006, 13:10
Thanks, for the offer. I'm looking to just be more informed before deciding to open a ticket with the host. Should a customer consider this type of issue 'minor' or 'possibly serious'? :beer:
Craig
May 14th, 2006, 13:15
Thanks, for the offer. I'm looking to just be more informed before deciding to open a ticket with the host. Should a customer consider this type of issue 'minor' or 'possibly serious'? :beer:

If your site is online & working then it isnt a massive issue. If its causing your site to go down then contact the host in question :-).
PolurNET
May 17th, 2006, 10:01
FYI, that first "error" is irrelevant, it's a technical specification that is more of an informative detail than anything negative.

The other two are saying the domain in question has different nameserver records in the DNS entries, than at the domain registry, but it's nothing serious; likely the user had decided to make private nameservers or something, and didn't change the corresponding "A" dns records on their server
gate2vn
May 27th, 2006, 21:46
Should a customer consider this type of issue 'minor' or 'possibly serious'? :beer:
it would effect to the host. That error message shows someone from outside can use their DNS server. You can contact them, to have them fix it within a minute