Montty Posted January 15, 2005

Hello everyone,

After submitting aticka.com to dnsreport.com the page returned with the following warning messages:

Here is the list of the litigious areas and their explanations (as returned by dnsreport.com):

1- SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 28800 seconds. This seems a bit high. You should consider decreasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours, with the longer time periods used for very slow Internet connections; 12 hours seems very high to us), and if you are using DNS NOTIFY the refresh value is not as important (RIPE recommends 86400 seconds if using DNS NOTIFY). This value determines how often secondary/slave nameservers check with the master for updates. A value that is too high will cause DNS changes to be in limbo for a long time.

2- SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 3600000 seconds. This seems a bit high. You should consider decreasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

3- Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is down or unreachable, there is a chance that mail may have troubles reaching you.

4- Mail server host name in greeting
WARNING: One or more of your mailservers may be claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won't cause any harm, but may be a technical violation of RFC821 4.3 (and RFC2821 4.3.1).
aticka.com claims to be host server40.totalchoicehosting.com.

5- Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted.
aticka.com's postmaster@[63.247.77.69] response:
    >>> RCPT TO:<postmaster@[63.247.77.69]>
    <<< 501 : domain literals not allowed

6- SPF record
Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004)

Not that I am really worried about these, I still would love to have the opinion of the TCH gurus on how to deal with them if they are of concern.

I must admit that the last warning regarding the lack of SPF records has been ringing a few loud Alert bells. This seems to be a very recent prerequisite though (01/10/04), which I missed (and I am sure many others have as well). Nonetheless, for my sake and the sake of others reading this, it would be great to know if there are any known issues with TCH before recording domains to the SPF.

Thank you in advance for any inputs on these matters.

Montty Posted January 19, 2005 (Author)

Huuum, not much activity on this one...

Anyhow, regarding SPF (Warning 6) and for those like me who are totally baffled by all these (anti or not) Spam headaches and regulations, I found a few interesting pages including a great thread on this forum:

An introduction to SPF
What is this SPF record thing?
HOWTO - Define an SPF Record

Now regarding the huge silence on warnings 1, 2, 4, 5 for my domain, is it correct to assume that they are no matter of concern?

TQ again

TCH-Rob Posted January 19, 2005

Montty,

Forgive me for not stating something sooner. Let me check with someone and I will post back.

TCH-Don Posted January 19, 2005

I tend to take these online reporting tools with a grain of salt.

I plugged in a few sites to dns reports, and saw errors too:
microsoft.com
yahoo.com
and amazon.com was the worst.

Montty Posted January 20, 2005 (Author)

@Don
Hehe, like you I tend to be very suspicious about this kind of results, although I must admit that testing it with other big domains didn't come to my mind - duuuh!! - silly me! On the other hand, I found these results interesting as they could maybe help highlight possible tiny issues on TCH side of things (I am thinking about Warnings 1, 2, 4 & 5). Of course, I am not implying that there are problems within TCH settings.

@Rob
No worries, I know that a few big changes have landed on your professional life and that you are extremely busy taking over your new appointment. Such great news. Congrats again. I look forward to more regarding what to do about the SPF record thingy... If ever it is necessary to do something about it of course. No rush though.

Anyhow, once more, TQ to both of you for your input and peace of mind.

jme574 Posted January 21, 2005

I don't know about the others, but I was able to fix my problems with one and two in my WHM cPanel. I went and edited the DNS zones and changed my refresh to 6000 and my expire to 2000000, and this seemed to fix those two errors. If anyone has the answers to the others, I would be interested in the fixes also.
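
Added example, not written by any poster in this thread: a small offline check of the SOA timers against the ranges quoted in the dnsreport output (warnings 1 and 2), plus the SPF presence check from warning 6. It assumes input in the layout `dig +short SOA` and `dig +short TXT` print; the nameserver names, serials, retry and minimum values are constructed placeholders, and only the REFRESH and EXPIRE numbers come from the posts above.

```python
# Added example (not from the thread): offline re-check of dnsreport warnings 1, 2 and 6.
# Ranges below are the ones quoted in the dnsreport output in the first post (seconds).
REFRESH_RFC = (1200, 43200)        # RFC1912 2.2
REFRESH_SUGGESTED = (3600, 7200)   # dnsreport's suggested window
EXPIRE_RANGE = (1209600, 2419200)  # 2 to 4 weeks
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

# Constructed samples in `dig +short SOA` layout; only REFRESH and EXPIRE come
# from the thread, every other field is a placeholder.
SOA_BEFORE = "ns1.example.net. hostmaster.example.net. 2005011501 28800 7200 3600000 86400"
SOA_AFTER = "ns1.example.net. hostmaster.example.net. 2005012101 6000 7200 2000000 86400"

def parse_soa(line):
    """Split one SOA answer into named fields, timers as integers."""
    parts = line.split()
    if len(parts) != len(SOA_FIELDS):
        raise ValueError(f"expected {len(SOA_FIELDS)} SOA fields, got {len(parts)}")
    soa = dict(zip(SOA_FIELDS, parts))
    for name in SOA_FIELDS[2:]:
        soa[name] = int(soa[name])  # ValueError if a timer is not numeric
    return soa

def soa_warnings(soa):
    """Compare REFRESH and EXPIRE with the ranges quoted in the first post."""
    out = []
    refresh, expire = soa["refresh"], soa["expire"]
    if not REFRESH_RFC[0] <= refresh <= REFRESH_RFC[1]:
        out.append(f"REFRESH {refresh} outside RFC1912 range 1200-43200")
    elif not REFRESH_SUGGESTED[0] <= refresh <= REFRESH_SUGGESTED[1]:
        out.append(f"REFRESH {refresh} outside suggested 3600-7200")
    if not EXPIRE_RANGE[0] <= expire <= EXPIRE_RANGE[1]:
        out.append(f"EXPIRE {expire} outside 1209600-2419200")
    return out

def spf_warnings(txt_answers):
    """Check single-string TXT answers for exactly one v=spf1 record."""
    spf = [t for t in (a.strip().strip('"') for a in txt_answers)
           if t == "v=spf1" or t.startswith("v=spf1 ")]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return [f"{len(spf)} SPF records published, receivers treat this as an error"]
    return []

if __name__ == "__main__":
    for label, line in (("before", SOA_BEFORE), ("after", SOA_AFTER)):
        print(label, soa_warnings(parse_soa(line)) or "timers OK")
    print("spf", spf_warnings(['"some unrelated verification string"']))
```

The "before" line reproduces both timer warnings from the first post, while the 6000/2000000 values from the last post fall inside both quoted windows.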