The Domain Name System (DNS) is one of the most important parts of the internet. It is the brain of the internet and of websites. Hosting providers know about DNS errors and warnings and how to fix them. A simple way to practise is with the intodns online tool, which is a powerful DNS checking tool.
What is in the DNS? See the table below:
Records | Description |
A | host address (Pointing) |
CNAME | identifies the canonical name |
HINFO | identifies the CPU and OS used by a host |
MX | identifies a mail exchange for the domain. |
NS | the authoritative name server for the domain |
PTR | a pointer to another part of the domain name space |
SOA | identifies the start of a zone of authority |
class | which is an encoded 16 bit value which identifies a protocol family or instance of a protocol. |
IN | the Internet system |
CH | the Chaos system |
TTL | which is the time to live of the RR. This field is a 32 bit integer in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. |
Best Practice with intodns tool
1.Domain NS records
2.TLD Parent Check
3.Nameservers list
4.DNS Parent sent Glue
5.Nameservers A records
6.NS records from your nameservers
7.Recursive Queries
8.Same Glue
9.Glue for NS records
10.Mismatched NS records
11.DNS servers responded
12.Name of nameservers are valid
13.Multiple Nameservers
14.Nameservers are lame
15.Missing nameservers reported by parent
16.Missing nameservers reported by your nameservers
17.Domain CNAMEs
18.NSs CNAME check
19.Different subnets
20.IPs of nameservers are public
21.DNS servers allow TCP connection
22.Different autonomous systems
23.Stealth NS records sent
24.SOA record
26.SOA MNAME entry
27.SOA Serial
28.SOA REFRESH
29.SOA RETRY
30.SOA EXPIRE
31.SOA MINIMUM TTL
32.MX Records
33.Different MX records at nameservers
34.MX name validity
35.MX IPs are public
36.MX CNAME Check
37.MX A request returns CNAME
38.MX is not IP
39.Number of MX records
40.Mismatched MX A
41.Duplicate MX A records
42.Reverse MX A records (PTR)
43.WWW A Record
[Looks like CNAME's]
44.IPs are public
45.WWW CNAME
1.Domain NS records
- Nameserver records returned by the parent servers.
2.TLD Parent Check
- The parent server that was interrogated has information for the TLD. This is a good thing, as some other domain extensions, "co.us" for example, are missing a direct check.
3.Nameservers list
- This is a must if you want to be found, as anyone who does not know your DNS servers will first ask the parent nameservers.
4.DNS Parent sent Glue
- The parent nameserver sent GLUE, meaning it sent the nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver (see RFC 1912 section 2.3).
5.Nameservers A records
- Every nameserver listed has A records. This is a must.
6.NS records from your nameservers
- The NS records obtained from the nameservers listed at the parent NS.
7.Recursive Queries
- The nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
8.Same Glue
- The A records (the GLUE) obtained from the parent zone check are the same as the ones obtained from your nameservers.
9.Glue for NS records
- When queried for the NS records, the nameservers also returned the A records for those NS records. This is a good thing, as it spares the extra A lookup needed to find those A records.
10.Mismatched NS records
- The NS records at all nameservers are identical.
11.DNS servers responded
- All nameservers listed at the parent server responded.
12.Name of nameservers are valid
- All of the NS records that your nameservers report seem valid.
13.Multiple Nameservers
- There are multiple nameservers. According to RFC2182 section 5, you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also OK.
14.Nameservers are lame
- All the nameservers listed at the parent servers answer authoritatively for the domain.
15.Missing nameservers reported by parent
- All NS records are the same at the parent and at the nameservers.
16.Missing nameservers reported by your nameservers
- All nameservers returned by the parent server f.gtld-servers.net are the same as the ones reported by the nameservers.
17.Domain CNAMEs
- RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
18.NSs CNAME check
- RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
19.Different subnets
- Looks like you have nameservers on different subnets!
20.IPs of nameservers are public
- Looks like the IP addresses of the nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
21.DNS servers allow TCP connection
- DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
22.Different autonomous systems
- It seems safe from a single point of failure. Be careful about this and try to have nameservers in different locations, as it can prevent a lot of problems if one nameserver goes down.
23.Stealth NS records sent
- stealth ns records
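The comparisons between the parent servers and the zone's own nameservers described in the checks above, as an added Python example (not part of the original post and not the intodns tool's own code). It reports stealth NS records, glue mismatches, non-public IPs and subnet spread; the example.test names, the sample addresses and the /24 subnet granularity are assumptions.

```python
import ipaddress

# Constructed sample data: NS hostname -> A records. PARENT is what the parent
# (TLD) servers send as glue, CHILD is what the zone's own nameservers report.
# Documentation ranges (192.0.2.0/24, 198.51.100.0/24) stand in for public IPs.
PARENT = {"ns1.example.test": ["192.0.2.10"], "ns2.example.test": ["192.0.2.20"]}
CHILD = {
    "ns1.example.test": ["192.0.2.10"],
    "ns2.example.test": ["10.0.0.5"],        # differs from glue, RFC 1918 address
    "ns3.example.test": ["198.51.100.7"],    # not delegated at the parent
}

# Ranges a public nameserver must not use (RFC 1918, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def audit_delegation(parent, child):
    """Compare the parent's delegation with the zone's own NS data (IPv4 only)."""
    p_names, c_names = set(parent), set(child)
    addrs = {ipaddress.ip_address(a)
             for records in (parent, child) for ips in records.values() for a in ips}
    return {
        "ns_count": len(p_names | c_names),
        # Delegated at the parent but not listed by the zone's own nameservers.
        "missing_at_child": sorted(p_names - c_names),
        # Listed by the zone but unknown to the parent (stealth NS records).
        "stealth_ns": sorted(c_names - p_names),
        # Every nameserver needs at least one A record.
        "no_a_record": sorted(n for n in p_names | c_names
                              if not (parent.get(n) or child.get(n))),
        # Glue from the parent must equal the A records the zone serves.
        "glue_mismatch": sorted(n for n in p_names & c_names
                                if set(parent[n]) != set(child[n])),
        "non_public_ips": sorted(str(a) for a in addrs
                                 if any(a in net for net in NON_PUBLIC)),
        # Assumption: "different subnets" is judged at /24 granularity.
        "subnets": sorted({str(ipaddress.ip_network(f"{a}/24", strict=False))
                           for a in addrs}),
    }

if __name__ == "__main__":
    for check, result in audit_delegation(PARENT, CHILD).items():
        print(f"{check}: {result}")
```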
24.SOA record
- The SOA record is:
- Primary nameserver: ns1.xxxx.com
- Hostmaster E-mail address: dns-xxxx.com
- Serial #: 1460334
- Refresh: 7200
- Retry: 1800
- Expire: 1209600 (2 weeks)
- Default TTL: 300
- The nameservers agree that your SOA serial number is 1460334.
26.SOA MNAME entry
- ns1.xxxx.com: that server is listed at the parent servers.
27.SOA Serial
- The recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. The SOA serial appears to be the number of seconds since midnight 00 Jan 0000 when the last DNS change was made. That seems to be 0000/0/00 00:00:00
28.SOA REFRESH
- SOA REFRESH interval is: 7200. That is OK
29.SOA RETRY
- SOA RETRY value is: 1800. Looks ok
30.SOA EXPIRE
- SOA EXPIRE number is: 1209600. Looks OK
31.SOA MINIMUM TTL
- SOA MINIMUM TTL is: 300. This value was used to serve as a default TTL for records without a given TTL value and now is used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours. The value 300 is OK.
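The SOA checks above (serial agreement between nameservers, the YYYYMMDDnn serial format, and the timer values), as an added Python example that is not from the original post or from intodns. The example.test names and the second serial are constructed, and the two timer rules (RETRY shorter than REFRESH, EXPIRE longer than REFRESH) are sanity checks assumed here rather than thresholds taken from the page.

```python
import datetime
import re

# Constructed sample: SOA RDATA as `dig +short SOA` prints it, one answer per
# nameserver. Names are placeholders; ns1's numbers are the ones quoted above.
ANSWERS = {
    "ns1.example.test": r"ns1.example.test. dns\.admin.example.test. 1460334 7200 1800 1209600 300",
    "ns2.example.test": r"ns1.example.test. dns\.admin.example.test. 2024010101 7200 1800 1209600 300",
}

def parse_soa(rdata):
    """Split RDATA into MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    mname, rname, *nums = rdata.split()
    serial, refresh, retry, expire, minimum = map(int, nums)
    # RNAME is a mailbox: the first unescaped dot stands for '@'.
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return {"mname": mname.rstrip("."), "mail": local.replace("\\.", ".") + "@" + domain,
            "serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}

def serial_date(serial):
    """Date encoded in a YYYYMMDDnn serial, or None if it does not fit that format."""
    digits = str(serial)
    if len(digits) != 10:
        return None
    try:
        return datetime.date(int(digits[:4]), int(digits[4:6]), int(digits[6:8]))
    except ValueError:  # e.g. month 13
        return None

def audit_soa(answers):
    """answers: nameserver -> SOA RDATA string. Returns a list of warnings."""
    soas = {ns: parse_soa(rdata) for ns, rdata in answers.items()}
    warnings = []
    if len({s["serial"] for s in soas.values()}) > 1:
        warnings.append("nameservers disagree on the SOA serial")
    for ns, s in sorted(soas.items()):
        if serial_date(s["serial"]) is None:
            warnings.append(f"{ns}: serial {s['serial']} is not YYYYMMDDnn")
        # Assumed sanity rules, not thresholds quoted on the page.
        if s["retry"] >= s["refresh"]:
            warnings.append(f"{ns}: RETRY should be shorter than REFRESH")
        if s["expire"] <= s["refresh"]:
            warnings.append(f"{ns}: EXPIRE must be longer than REFRESH")
    return warnings

if __name__ == "__main__":
    for line in audit_soa(ANSWERS):
        print(line)
```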
32.MX Records
- MX records that were reported by the nameservers.
33.Different MX records at nameservers
- Looks like all nameservers have the same set of MX records. This tests to see if there are any MX records not reported by all the nameservers and also MX records that have the same hostname but different IPs.
34.MX name validity
- Good. No invalid hostnames were detected for the MX records.
35.MX IPs are public
- OK. All the MX records appear to use public IPs.
36.MX CNAME Check
37.MX A request returns CNAME
- CNAMEs returned for A record lookups. OK.
38.MX is not IP
- MX records are host names. OK.
39.Number of MX records
- There are multiple MX records at all the nameservers. This is a good thing and will help in preventing loss of mail.
40.Mismatched MX A
- No differing IPs were detected for the MX records. OK.
41.Duplicate MX A records
- No duplicate IP(s) were found for the MX records. This is a good thing.
42.Reverse MX A records (PTR)
- All the IPs have reverse (PTR) records, which is a good thing.
43.WWW A Record
[Looks like CNAME's]
44.IPs are public
- WWW IPs appear to be public IPs. OK.
45.WWW CNAME
- There is a CNAME record for www.xxxx.com. The CNAME entry also returns the A record for the CNAME entry, which is good.
Thanks