[Clipart] [Fwd: DNS report on openclipart.org]
Jon Phillips
jon at rejon.org
Sat Nov 20 06:38:08 PST 2004
-------- Forwarded Message --------
> From: Jackson, Martin* <martinjackson at nctr.fda.gov>
> To: 'jon at rejon.org' <jon at rejon.org>
> Cc: Jackson, Martin (yahoo) <martin_jackson at yahoo.com>
> Subject: DNS report on openclipart.org
> Date: Tue, 16 Nov 2004 07:48:39 -0600
>
> Jon,
>
> I just found out about your site through a discussion on Slashdot.
>
> I've had trouble resolving your site name.
>
> Both X1.cs.pdx.edu (131.252.208.82) and X2.cs.pdx.edu (131.252.208.81)
> gave connection timeouts when resolving openclipart.org
>
> Please disregard if this is old information,
>
> Martin
>
> http://www.dnsreport.com/tools/dnsreport.ch?domain=openclipart.org
>
> DNS Report for openclipart.org
> Generated by www.DNSreport.com at 13:28:03 GMT on 16 Nov 2004.
>
> Category: Parent
>
> Status: PASS
> Test Name: Missing Direct Parent check
> Information: OK. Your direct parent zone exists, which is good. Some
> domains (usually third or fourth level domains, such as example.co.us)
> do not have a direct parent zone ('co.us' in this example), which is
> legal but can cause confusion.
>
> Status: INFO
> Test Name: NS records at parent servers
> Information: Your NS records at the parent servers are:
>
> x2.cs.pdx.edu. [131.252.208.82 (NO GLUE)] [US]
> x1.cs.pdx.edu. [131.252.208.81 (NO GLUE)] [US]
>
> [These were obtained from tld1.ultradns.net]
>
> Status: PASS
> Test Name: Parent nameservers have your nameservers listed
> Information: OK. When someone uses DNS to look up your domain, the
> first step (if it doesn't already know about your domain) is to go to
> the parent servers. If you aren't listed there, you can't be found.
> But you are listed there, with 0 entries.
>
> Status: WARN
> Test Name: Glue at parent nameservers
> Information: WARNING. The parent servers (I checked with
> TLD1.ULTRADNS.NET.) are not providing glue for all your nameservers.
> This means that they are supplying the NS records (host.example.com),
> but not supplying the A records (192.0.2.53), which can cause slightly
> slower connections, and may cause incompatibilities with some
> non-RFC-compliant programs. This is perfectly acceptable behavior per
> the RFCs. This will usually occur if your DNS servers are not in the
> same TLD as your domain (for example, a DNS server of
> "ns1.example.org" for the domain "example.com"). In this case, you can
> speed up the connections slightly by having NS records that are in the
> same TLD as your domain.
>
> Category: NS
>
> Status: INFO
> Test Name: NS records at your nameservers
> Information: Your NS records at your nameservers are:
>
> [None of your nameservers returned your NS records; they could be down
> or unreachable, or could all be lame nameservers]
>
> Status: WARN
> Test Name: All nameservers report identical NS records
> Information: WARNING: At least one of your nameservers did not return
> your NS records (it reported 0 answers). This could be because of a
> referral, if you have a lame nameserver (which would need to be fixed).
>
> 131.252.208.81 returns 0 answers (may be a referral)
>
> Status: FAIL
> Test Name: All nameservers respond
> Information: ERROR: Some of your nameservers listed at the parent
> nameservers did not respond. The ones that did not respond are:
>
> 131.252.208.82
>
> Note: If you are running a Watchguard Firebox with DNS Proxy enabled,
> there may be a bug causing port numbers get mixed up -- if this is the
> case, you can contact Watchguard to see if they have a fix.
>
> Status: PASS
> Test Name: Nameserver name validity
> Information: OK. All of the NS records that your nameservers report
> seem valid (no IPs or partial domain names).
>
> Status: PASS
> Test Name: Number of nameservers
> Information: OK. You have 2 nameservers. You must have at least 2
> nameservers (RFC2182 section 5 recommends at least 3 nameservers), and
> preferably no more than 7.
>
> Status: PASS
> Test Name: Lame nameservers
> Information: OK. All the nameservers listed at the parent servers
> answer authoritatively for your domain.
>
> Status: PASS
> Test Name: Missing (stealth) nameservers
> Information: OK. All 0 of your nameservers (as reported by your
> nameservers) are also listed at the parent servers.
>
> Status: PASS
> Test Name: Missing nameservers 2
> Information: OK. All of the nameservers listed at the parent
> nameservers are also listed as NS records at your nameservers.
>
> Status: FAIL
> Test Name: No CNAMEs for domain
> Information: ERROR: I checked with your nameservers to see if there
> were any CNAMEs for openclipart.org (there shouldn't be), but they all
> timed out.
>
> Status: FAIL
> Test Name: No NSs with CNAMEs
> Information: ERROR: I checked with your nameservers to see if there
> were any CNAMEs for your NS records (there shouldn't be), but they all
> timed out.
>
> Status: WARN
> Test Name: Nameservers on separate class C's
> Information: WARNING: We cannot test to see if your nameservers are
> all on the same Class C (technically, /24) range, because the root
> servers are not sending glue. We plan to add such a test later, but
> today you will have to manually check to make sure that they are on
> separate Class C ranges. Your nameservers should be at geographically
> dispersed locations. You should not have all of your nameservers at
> the same location. RFC2182 3.1 goes into more detail about secondary
> nameserver location.
>
> Status: PASS
> Test Name: All NS IPs public
> Information: OK. All of your NS records appear to use public IPs. If
> there were any private IPs, they would not be reachable, causing DNS
> delays.
>
> Status: INFO
> Test Name: Nameservers versions
> Information: Your nameservers have the following versions:
>
> 131.252.208.81: No version info available (unknown problem).
> 131.252.208.82: No version info available (timeout on lookup). Could
> be tinydns 1.00 through 1.04.
>
> Status: PASS
> Test Name: Stealth NS record leakage
> Information: Your DNS servers do not leak any stealth NS records (if
> any) in non-NS requests.
>
> Category: SOA
>
> Status: INFO
> Test Name: SOA record
> Information: Your SOA record [TTL=0] is:
>
> Primary nameserver:
> Hostmaster E-mail address:
> Serial #: 0
> Refresh: 0
> Retry: 0
> Expire: 0
> Default TTL: 0
>
> WARNING: The following nameservers did not respond: 131.252.208.82
>
> Status: FAIL
> Test Name: NS agreement on SOA Serial #
> Information: ERROR: Your nameservers disagree as to which version of
> your DNS is the latest! 4294967295 versus 0! This is OK if you have
> just made a change recently, and your secondary DNS servers haven't
> yet received the new information from the master. I will continue the
> report, assuming that 0 is the correct serial #.
>
> Status: FAIL
> Test Name: SOA MNAME Check
> Information: ERROR: Your SOA (Start of Authority) record states that
> your master (primary) name server is: . However, that is not a valid
> domain name!
>
> Status: FAIL
> Test Name: SOA RNAME Check
> Information: ERROR: Your SOA (Start of Authority) record states that
> your DNS contact E-mail address in hostname format is: . However, that
> is NOT valid (it must have at least 2 '.''s in it and no '@')!
>
> Status: WARN
> Test Name: SOA Serial Number
> Information: WARNING: Your SOA serial number is: 0. That is OK, but
> the recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is
> the revision. For example, if you are making the 3rd change on 02 May
> 2000, you would use 2000050203. This number must be incremented every
> time you make a DNS change.
>
> Status: FAIL
> Test Name: SOA REFRESH value
> Information: WARNING: Your SOA REFRESH interval is : 0 seconds. This
> seems very low. You should consider increasing this value to about
> 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to
> 43200 seconds (20 minutes to 12 hours). A value that is too low will
> unncessarily increase Internet traffic.
>
> Status: FAIL
> Test Name: SOA RETRY value
> Information: WARNING: Your SOA RETRY interval is : 0 seconds. This
> seems very low. You should consider increasing this value to about
> 120-7200 seconds. The retry value is the amount of time your
> secondary/slave nameservers will wait to contact the master nameserver
> again if the last attempt failed.
>
> Status: FAIL
> Test Name: SOA EXPIRE value
> Information: WARNING: Your SOA EXPIRE time is : 0 seconds. This seems
> very low. You should consider increasing this value to about 1209600
> to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This
> is how long a secondary/slave nameserver will wait before considering
> its DNS data stale if it can't reach the primary nameserver.
>
> Status: FAIL
> Test Name: SOA MINIMUM TTL value
> Information: WARNING: Your SOA MINIMUM TTL is : 0 seconds. This seems
> very low (unless you are just about to update your DNS). You should
> consider increasing this value to somewhere between 3600 and 10800.
> RFC2308 suggests a value of 1-3 hours. This value used to determine
> the default (technically, minimum) TTL (time-to-live) for DNS entries,
> but now is used for negative caching.
>
> Category: MX
>
> Status: FAIL
> Test Name: MX Category
> Information: ERROR: I couldn't find any MX records for
> openclipart.org. If you want to receive E-mail on this domain, you
> should have MX record(s). Without any MX records, mailservers should
> attempt to deliver mail to the A record for openclipart.org. I can't
> continue in a case like this, so I'm assuming you don't receive mail
> on this domain.
>
> Category: Mail
>
> Status: FAIL
> Test Name: Connect to mail servers
> Information: ERROR: I could not find any mailservers for
> openclipart.org.
>
> Category: WWW
>
> Status: FAIL
> Test Name: WWW Category
> Information: ERROR: I couldn't find any A records for
> www.openclipart.org. If you want a website at www.openclipart.org, you
> will need an A record for www.openclipart.org. If you do not want a
> website at www.openclipart.org, you can ignore this error.
>
> Legend:
>
> * Rows with a FAIL indicate a problem that in most cases really
> should be fixed.
> * Rows with a WARN indicate a possible minor problem, which
> often is not worth pursuing.
> * Note that all information is accessed in real-time (except
> where noted), so this is the freshest information about your
> domain.
>
> ______________________________________________________________________
> (C) Copyright 2000-2004 R. Scott Perry
>
--
Jon Phillips
(NEW) USA PH 510.499.0894
jon at rejon.org
http://www.rejon.org
Inkscape (http://inkscape.org)
Open Clip Art Library (www.openclipart.org)
CVS Book (http://cvsbook.ucsd.edu)
Scale Journal (http://scale.ucsd.edu)