jamesbond

Well-Known Member
Oct 9, 2002
737
1
168
I did a DNS test on dnsstuff.com and it mentioned the following:


Took off 2 points since ns1.xxxxxxxx.com allows recursive lookups (if lots of people are using the server, it can slow down).


How can I disable recursive lookups?
 

leat

Member
Jul 23, 2002
15
0
151
cPanel Access Level
Root Administrator
Originally posted by jamesbond:

    ...

    How can I disable recursive lookups?

In /etc/named.conf, add "recursion no" within options:

options {
.
.
recursion no;
}
 
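The dnsstuff test that costs the two points is asking the nameserver to resolve a name it is not authoritative for and looking at the RA ("recursion available") bit in the reply. The following checker is an added example, not code from the thread or from cPanel/BIND: it builds a minimal DNS query, decodes the reply header, and reports whether the server offered recursion. The two sample replies are constructed by hand (not captured from a real server), and `ns1.example.com` / `www.example.net` in the comments are placeholders.

```python
# Added example (not from the thread): check whether a nameserver offers
# recursion, which is what the "allows recursive lookups" test looks at.
# Ask for a name the server is not authoritative for; if the RA bit is set
# in the reply, the server is acting as an open resolver for us.
# The sample replies below are constructed by hand, not captured.
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080
RCODES = {0: "NOERROR", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(qname, qid=0x1234):
    """Build a minimal DNS query (A record, IN class) with RD set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(reply):
    """Decode the 12-byte DNS header into the fields we care about."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", reply[:12])
    return {
        "id": qid,
        "qr": bool(flags & QR),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }


def classify(reply):
    """'open' if the server will recurse for this client, 'closed' if not."""
    h = parse_header(reply)
    if not h["qr"]:
        raise ValueError("not a response")
    # BIND clears RA for clients it will not recurse for and answers
    # REFUSED for names it is not authoritative for.
    return "open" if h["ra"] else "closed"


def probe(server, qname="www.example.net", timeout=3.0):
    """Send one UDP query to a live server (placeholder name); not used offline."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(512)
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return classify(reply)


# Constructed 12-byte headers (question/answer sections omitted; the header
# is all parse_header needs):
#   0x8180 = QR|RD|RA, NOERROR, one answer  -> server recursed for us
#   0x8105 = QR|RD, RA clear, REFUSED       -> recursion denied to this client
OPEN_RESOLVER_REPLY = bytes.fromhex("1234 8180 0001 0001 0000 0000")
CLOSED_RESOLVER_REPLY = bytes.fromhex("1234 8105 0001 0000 0000 0000")

if __name__ == "__main__":
    for label, reply in (("open", OPEN_RESOLVER_REPLY), ("closed", CLOSED_RESOLVER_REPLY)):
        print(label, parse_header(reply), classify(reply))
    # Live check against a real server, e.g.: print(probe("ns1.example.com"))
```

Run `probe()` against your own nameserver from a host outside your network after changing named.conf and restarting BIND; a result of `closed` (RA clear, typically REFUSED for outside names) is what the external test wants to see, while queries for the zones you host are still answered authoritatively.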

jamesbond

Well-Known Member
Oct 9, 2002
737
1
168
If I do this, will the cpanel nameservers still continue to work properly?

What are the exact implications of disabling recursive lookups?

At the moment I'm using these nameservers only for domains that are also on the same server.

I would need to allow zone transfers from certain ip's (some registries in Europe require allowing zonetransfer, otherwise you can't register the domains)
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Not sure why the "named.conf" file was mentioned as this seems more for the httpd.conf file.

Look for this:

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

and make sure "Off" is used instead of "On".
 

AusJeff

Active Member
Jan 10, 2003
42
0
156
HostnameLookups Off

HostnameLookups Off is off on mine and I get the same as well.

Took off 2 points since ns1.blahblah.com allows recursive lookups.

Update: Did the named.conf trick and bingo:
Score: A+

:)
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Ok, now I'm really curious. I checked some of the tests at DNSstuff but was not able to find one as described in this thread. Can someone provide the exact URL or info on which test is being used?
 

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,531
10
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Do the dns timing for the www cname, at the bottom should be the points taken off.

Losing 2 is not as bad as being penalized 8 points because you're a .ca name.

www.virtual-hosting.ca

Took off 8 points for ".ca" TLD

Now that sucks!
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Ok, that explains it. I do not have CNAME for my Nameservers -- only A. I had thought that A records were better to have than CNAME. Is it better to have it the other way around or, if one should have both, what files would need to be edited?
 

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,531
10
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Well,

dnsreport.com for www.virtual-hosting.ca

PASS - OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.

I am not using cnames for my ns only A records. The only error is for ptr, which I thought was weird because we do have ptr records setup.
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
My confusion. I somehow got on to the idea to do the test for Nameservers. Once I used the Domain name only (for the A test) it worked fine. Added in the "non-recursive" option -- for others who do it, don't forget to Restart Bind -- and shall track it.

Interesting though, when I do the test for CNAME using my Domain name, I get - Answer: Does not exist. Although I know for a fact there is a CNAME entry. I don't feel so bad though as the same error shows for "virtual-hosting.ca" as well. Probably others too, although, I can only conclude it has something to do with Nameservers -- which we're pretty much agreed, should not have a CNAME entry.
 

AusJeff

Active Member
Jan 10, 2003
42
0
156
The 2nd one down

Originally posted by Website Rob:

    Ok, now I'm really curious. I checked some of the tests at DNSstuff but was not able to find one as described in this thread. Can someone provide the exact URL or info on which test is being used?

It is the 2nd one down on the left hand side 'DNS Timing'.

Yes A records are better than CNAME. But it is OK if you have the main A record and use CNAME for third level (eg. mail, www etc)

From dnsreport.com:
OK. You do have a CNAME record for www.yourdomain.com, which can cause some confusion. However, this is legal. Your CNAME entry also returns the A record for the CNAME entry, which is good -- otherwise, it would require an extra DNS lookup, which slightly delays the initial access to the website and use extra bandwidth. Note that if the CNAME points to another CNAME, it will likely cause problems.

More:
Some domains have a CNAME record for their WWW server that requires an extra DNS lookup, which slightly delays the initial access to the website and use extra bandwidth.

WHM adds the CNAME's by default for mail and www. You can manually change this to A and add the IP instead of the domain name. Otherwise what it is doing is saying yourdomain.com 'A' record is 123.456.789.012 then the CNAME of www points to yourdomain.com so the DNS is looked up again to see who yourdomain.com is (being the 'A' record).

Make sense ?

Jeff.
 

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,531
10
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Originally posted by Website Rob:

    Interesting though, when I do the test for CNAME using my Domain name, I get - Answer: Does not exist. Although I know for a fact there is a CNAME entry. I don't feel so bad though as the same error shows for "virtual-hosting.ca" as well. Probably others too, although, I can only conclude it has something to do with Nameservers -- which we're pretty much agreed, should not have a CNAME entry.

You get "Does not exist" because the domain name "virtual-hosting.ca" only has an "A" record in DNS, it's the www that is the cname to the "A" record.
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
DOH!

I am so used to not using "www" for anything I do (testing, URL's, etc.), I forgot all about adding it in. :p

Also...

Jeff, your explanation is good and makes sense. Although it seems "either, or" can be used in some cases, I use CNAME for: www, mail, ftp as that is what my DC recommended. What do I know. LOL
 

AusJeff

Active Member
Jan 10, 2003
42
0
156
No Email

Originally posted by leat:

    Originally posted by jamesbond:

        ...

        How can I disable recursive lookups?

    In /etc/named.conf, add "recursion no" within options:

    options {
    .
    .
    recursion no;
    }

Mmmmm although it did the trick in dnsstuff.com and dnsreport.com, I was wondering why my email was so quiet.

----- Transcript of session follows -----
... while talking to mydomain.com.:
>>> DATA
<<< 550 rejected: cannot route to sender <[email protected]>
554 5.0.0 Service unavailable


Took the setting back off and OK for mail, now the DNS problem. Oh well will have to live with 2 points off :-(
(better than the 8 for .ca)

Jeff.
 

Website Rob

Well-Known Member
Mar 23, 2002
1,501
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Good call Jeff, I was just starting to look into the same problem. Suddenly started getting all kinds of "failed" eMail msgs. "unrouteable mail domain" yet no problem with the Domain names they were being sent to.

Even though I had added in the missing semi-colon from the example:

options {
recursion no;
};

it still didn't seem to work properly.
 

jamesbond

Well-Known Member
Oct 9, 2002
737
1
168
Originally posted by Website Rob:

    Good call Jeff, I was just starting to look into the same problem. Suddenly started getting all kinds of "failed" eMail msgs. "unrouteable mail domain" yet no problem with the Domain names they were being sent to.

    Even though I had added in the missing semi-colon from the example:

    options {
    recursion no;
    };

    it still didn't seem to work properly.

I posted earlier in the thread asking what the consequences would be of disabling recursive lookups.

So it seems disabling it causes problems with exim, because it can't do domain lookups anymore.
 

mrcbrown

Well-Known Member
Jun 5, 2003
99
1
168
Try this:

Code:
options {
allow-recursion { 127.0.0.1; xxx.xxx.xxx.xxx; };
};
Replace the blank IP listing with as many local IP's you have or people authorized to do recursive off your DNS server - this allows local services to use DNS lookups for mail etc.

Hope this helps.
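Putting the thread together: "recursion no" satisfies the external test but also refuses recursion to the server's own Exim, which resolves through the local named and so can no longer look up remote mail domains (the "unrouteable mail domain" bounces). Restricting recursion with an ACL instead keeps the server authoritative-only for the outside world while local services still resolve, and a second ACL covers the zone transfers jamesbond's registries need. This named.conf fragment is an added example, not from mrcbrown's post or from cPanel; the addresses, ACL names, zone name and file path are placeholders to replace with your own.

```conf
// Added example (not from the thread). Addresses and names are placeholders.
// Hosts that may use this server as a resolver: local services such as Exim
// and cPanel, plus any other machines you point at it in resolv.conf.
acl "trusted" {
    127.0.0.1;
    ::1;
    192.0.2.0/24;       // placeholder: other servers you manage
};

// Registries or secondaries that must be able to pull your zones (AXFR).
acl "xfer-partners" {
    198.51.100.10;      // placeholder: registry/secondary nameserver
};

options {
    // ... existing options ...
    recursion yes;                      // still required for hosts in "trusted"
    allow-recursion { trusted; };       // everyone else: RA clear, REFUSED for foreign names
    allow-transfer { xfer-partners; };  // default for all zones; no open zone transfers
    allow-query { any; };               // hosted zones stay answerable by anyone
};

zone "example.com" {
    type master;
    file "/var/named/example.com.db";
    allow-transfer { xfer-partners; };  // per-zone override if a registry needs only this zone
};
```

Check the syntax with `named-checkconf` before restarting, then restart (or `rndc reload`) BIND, as Website Rob noted the change does not take effect until you do. Verify from a host outside the "trusted" ACL that a query for an outside name returns REFUSED with the RA bit clear, and from the server itself that `host` or `dig` still resolves external names for Exim. Note that BIND 9.4 and later already default allow-recursion to localhost and localnets, so the explicit ACL matters most on the older versions this thread dealt with, and is still worth stating so the intent is visible in the file.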