If you're like me, you find DNS a real pain to set up and get right. There is a great resource called dnsreport.com. It helps you determine if your setup is OK or messed up and offers instructions to fix problems. But even those can be confusing. I thought whoever wants to check on their DNS can use this thread to point out which entries are bad and we can collectively help each other understand how to fix it, particularly as to how it relates to cPanel.
Here are the bad entries for one of my domains:
A techie who helped me set up the domain told me it's just easiest with cPanel to use nameservers on your own machine. In fact, 2 guys said that to me. Can we add additional DNS servers offsite to get rid of that warning and have a backup if the machine goes down and we want to point to a different server, even if temporarily? Has anyone set this up and if so, how?
WARN Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers) are in the same Class C (technically, /24) address space, which means that they are probably at the same physical location. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.

Where do we change this?
WARN SOA REFRESH value
WARNING: Your SOA REFRESH interval is : 14400 seconds. This seems a bit high. You should consider decreasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours, with the longer time periods used for very slow Internet connections; 12 hours seems very high to us), and if you are using DNS NOTIFY the refresh value is not as important (RIPE recommends 86400 seconds if using DNS NOTIFY). This value determines how often secondary/slave nameservers check with the master for updates. A value that is too high will cause DNS changes to be in limbo for a long time.

Ditto.
WARN SOA EXPIRE value
WARNING: Your SOA EXPIRE time is : 3600000 seconds. This seems a bit high. You should consider decreasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

huh?
WARN Multiple MX records
WARNING: You only have 1 MX record. If your primary mail server is down or unreachable, there is a chance that mail may have troubles reaching you.

huh? How do I fix this?
WARN Mail server host name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won't cause any harm, but is a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server.
mydomain.com claims to be host somehost.mydnsserver.com [but that host is at xx.xx.xxx.xxx, not xx.xx.xxx.xxy].

This link points to http://spf.pobox.com/ where I have several other questions, but let's tackle this one first.
WARN SPF record
Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
I hope we can make some headway on this. I believe some of the warns are default values in cPanel setups.



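The following Python is an added example, not part of the original post and not dnsreport.com's own code. It reproduces five of the quoted checks offline (nameserver /24 spread, SOA REFRESH, SOA EXPIRE, MX count, SPF presence) using the thresholds from the warning text. Only REFRESH 14400 and EXPIRE 3600000 come from the post; the other zone values, the documentation-range IPv4 addresses, the warning labels and the function names are constructed for illustration.

```python
import ipaddress

# Thresholds in seconds, taken from the quoted warning text.
REFRESH_RFC1912 = (1200, 43200)        # RFC1912 2.2 range
REFRESH_SUGGESTED_MAX = 7200           # report suggests about 3600-7200
EXPIRE_SUGGESTED = (1209600, 2419200)  # 2 to 4 weeks

def parse_soa(rdata):
    """Split 'mname rname serial refresh retry expire minimum' into a dict."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata must have 7 fields")
    timers = ("serial", "refresh", "retry", "expire", "minimum")
    return {"mname": fields[0], "rname": fields[1],
            **dict(zip(timers, map(int, fields[2:])))}

def audit(soa_rdata, ns_ips, mx_hosts, txt_records):
    """Return the list of warning labels (hypothetical names) that apply."""
    soa, found = parse_soa(soa_rdata), []
    # Collapse each IPv4 nameserver address to its /24 and count distinct nets.
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ns_ips}
    if len(nets) < 2:
        found.append("ns-same-/24")
    if not REFRESH_RFC1912[0] <= soa["refresh"] <= REFRESH_RFC1912[1]:
        found.append("refresh-outside-rfc1912")
    elif soa["refresh"] > REFRESH_SUGGESTED_MAX:
        found.append("refresh-high")
    if not EXPIRE_SUGGESTED[0] <= soa["expire"] <= EXPIRE_SUGGESTED[1]:
        found.append("expire-outside-2-4-weeks")
    if len(mx_hosts) < 2:
        found.append("single-mx")
    # An SPF policy is a TXT record whose first term is exactly v=spf1.
    if not any(t.lower().split()[:1] == ["v=spf1"] for t in txt_records):
        found.append("no-spf")
    return found

# Constructed zone data: only REFRESH 14400 and EXPIRE 3600000 come from the post.
BEFORE = dict(
    soa_rdata="ns1.example.com. hostmaster.example.com. 2004100101 14400 7200 3600000 86400",
    ns_ips=["192.0.2.10", "192.0.2.11"], mx_hosts=["mail.example.com."],
    txt_records=[])
AFTER = dict(
    soa_rdata="ns1.example.com. hostmaster.example.com. 2004100102 7200 3600 1209600 86400",
    ns_ips=["192.0.2.10", "198.51.100.10"],
    mx_hosts=["mail.example.com.", "mx2.example.net."],
    txt_records=["v=spf1 mx -all"])

if __name__ == "__main__":
    print("before:", audit(**BEFORE))
    print("after: ", audit(**AFTER))
```

The SMTP greeting check is left out because it needs a live connection to the mail server.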




