Open DNS servers and Missing (stealth) nameservers HUGE PROBLEMS!

[andreaf]

Hi there,
I have a domain .it I can surf, I can access the Webmail, Cpanel (Customer says he can't) and I can't create subdomains.

Webmail, Cpanel and subdomains have always worked for any domain .it we've hosted until some days ago.
Already created subdomains work, new ones don't.

The customer not accessing the webmail and cpanel feature says he's not behind a firewall and stated that he could not access even abroad (the website webmail and cpanel access has been positively tested by users from various countries).

Dnsreport.com shows me this:

*********************************************************
FAIL
Open DNS servers

ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server 217.11.80.19 reports that it will do recursive lookups. [test]
Server 217.11.80.2 reports that it will do recursive lookups. [test]

-----

FAIL
Missing (stealth) nameservers

FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

ns.multilinkitalia.it.
dns3.nic.it.
lenna.easyasp.it.

This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

-----

FAIL
Missing nameservers 2

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
dns2.multilink.net.
dns1.multilink.net.

*********************************************************

We're on a semi-managed dedicate server.

My questions are:
1) Is the problem related to the domain registrar or to the manager of the server?
2) We can access to WHM, what are the steps I have to take to deal with this problem?

I REALLY NEED YOUR HELP!

Thanks

Andrea

P.s.
I would p.m. the address of the website by pm if you want to check from your location

[mkIV]

I am glad I am not the only one having this problem. I am also a new user on a new reseller account on a ew host. I moved several domains over and I can access them nor can my members within a 200 mile area of my location. OUtside this 200mile location everyone can access the sites.

I have been trying to fix this for the last 6 days now. Do you have any updates.

[vijeesh]

Open DNS server means that anybody can do dns lookup in your server.
You can remove this by editing your named.conf file.

vi /etc/named.conf

"options {
allow-recursion { 127.0.0.1; xxx.xxx.xxx.xxx; };
};"
you can add the ips in your server also other than loopback ip.

[tweakservers]

for your name server, make sure the one you listed in your domain registrar are used or configured for the domain in your server. Apprently your DNS name server are not sync between your domain registrar and your DNS server.

[chirpy]

There are a multitude of threads that describe how to fix DNS recursion in BIND - please take the time to search the forums before starting a new thread on the topic.