dnsreport help

[pacificw]

I need help in figuring out what these errors mean and how to fix them please.

The first is:

Mail server host name in greeting
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

blahhawebhosts.com claims to be host spring.blahhawebhosts.com [but that host is at 67.xxx.26.xx (may be cached), not 208.xx.169.xxx].

Not a clue what this means. Please help and explain.

The next is:

Acceptance of domain literals

WARNING: One or more of your mailservers does not accept mail in the domain literal format ([email protected][0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted (mailservers at many common large domains have this problem).

blahhawebhosts.com's [email protected][208.xx.169.xxx] response:<br /> >>> RCPT TO:<[email protected][208.xx.169.xxx]> <<< 501 <[email protected][208.xx.169.xxx]>: domain literals not allowed

Not a clue what this means. Please help and explain.


The next is:

Single Point of Failure
ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

I've not a clue what this means. Help! please. I do have 2 nameservers. I have ns1. and ns2. and both resolve to the IP's setup at where I have them registered at.

Nameservers on separate class C's
WARNING: All of your nameservers (listed at the parent nameservers) are in the same Class C (technically, /24) address space, which means that they are probably at the same physical location. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.

Okay, I know what this one means. Can I get a DNS account someplace and have it take over in case of a server failure on my server? Or does it have to be on a separate box thats located on the same router as my box now?

** domain-name and IP's have been changed to protect ddos attacks that I only get when posting information in this forum.

Thank you for any and all help. I'm really at a loss here and would like to finish getting this server setup.

fuggi

 

[mtindor]

Single Point of Failure - It's just saying that since both of your nameservers are actually the same literal machine, if that machine goes down you have no backup DNS - all of your DNS is done by a single machine.... not uncommon for a lot of Cpanel hosters.

Nameservers on Separate Class C's - Yeah you could use zonedit.com or a bunch of other ones (none bounce of my noggin at present though) as additional nameservers if you pay for the privilege. Nowadays this really should just be a 'single point of failure' thing as far as your concerned - If you are hosted at a Data Center with a bunch of bandwidth providers connected, the likelihood that one class C fed by that data center would have connectivity if the other class C didn't isn't nearly as high... and not as likely for those links to go down considering most have multiple providers and are running BGP.

Acceptance of Domain Literals - Means just what it describes. Per RFCs, one should be able to send email to a user (such as postmaster) @[ip.add.re.ss] - the main IP address of your machine. But as it describes, this isn't a must either since there are many large and small mail providers that do not allow this. Chances are that if somebody's mail system is so misconfigured that it cannot receive email at its hostname or some domain hosted on it, it probably isn't worth it for anybody to try to send mail to @[ipaddress] either.

Mail Server Hostname in Greeting - Your mail server, when it attempts to deliver mail, claims that it is spring.blahhawebhosts.com. However, spring.blahhawebhosts.com does not resolve to the IP address of that specific machine - it resolves to 67.xxx.26.xxx but your machine is 208.xx.169.xxx. Technically, DNSReport would expect to see that when it connects to blahhawebhosts.com mail server, the mail server would EHLO with blahhawebhosts.com and not spring.blahhawebhosts.com - But there may be legitimate reasons why you have blahhawebhosts.com on another server. Unless i knew more to make a better judgement, I wouldn't worry about this one. But you should make sure that if your main hostname (telnet localhost 25 and see what it announces itself as) to the main IP address on your ethernet adaptor for that machine and that the main IP address reverse resolves to the actual hostname of the machine. But of course, again without knowing full details, I wouldnt' advise you to just willynilly change hostnames or anything if your mail appears to be delivering fine and everything is functioning fine. I don't have all of the info needed.

- Mike

I need help in figuring out what these errors mean and how to fix them please.

The first is:

Not a clue what this means. Please help and explain.

The next is:

Not a clue what this means. Please help and explain.


The next is:

I've not a clue what this means. Help! please. I do have 2 nameservers. I have ns1. and ns2. and both resolve to the IP's setup at where I have them registered at.



Okay, I know what this one means. Can I get a DNS account someplace and have it take over in case of a server failure on my server? Or does it have to be on a separate box thats located on the same router as my box now?

** domain-name and IP's have been changed to protect ddos attacks that I only get when posting information in this forum.

Thank you for any and all help. I'm really at a loss here and would like to finish getting this server setup.

fuggi

 

[pacificw]

Mail Server Hostname in Greeting - Your mail server, when it attempts to deliver mail, claims that it is spring.blahhawebhosts.com. However, spring.blahhawebhosts.com does not resolve to the IP address of that specific machine - it resolves to 67.xxx.26.xxx but your machine is 208.xx.169.xxx. Technically, DNSReport would expect to see that when it connects to blahhawebhosts.com mail server, the mail server would EHLO with blahhawebhosts.com and not spring.blahhawebhosts.com - But there may be legitimate reasons why you have blahhawebhosts.com on another server. Unless i knew more to make a better judgement, I wouldn't worry about this one. But you should make sure that if your main hostname (telnet localhost 25 and see what it announces itself as) to the main IP address on your ethernet adaptor for that machine and that the main IP address reverse resolves to the actual hostname of the machine. But of course, again without knowing full details, I wouldnt' advise you to just willynilly change hostnames or anything if your mail appears to be delivering fine and everything is functioning fine. I don't have all of the info needed.

Okay, still kinda confused on this one. To explain further. The place I got my dedicated box from assigned me a main IP (which they put in cpanel as well to use for all virtual hosts) and bogus server name. I went in and changed the server name. I then went into cpanel and changed the shared ip (which was the main ip) to another ip I got from them so that I wouldn't have all virtual websites being ran off my main server ip. I do have a dns zone file for the following. I do have the ips that are being used right now reverse resolved (well at least they should be (but dont think they are)) but this issue came before the problem i'm having now with the ns1/ns2 not working at the moment.

servername.host.com - uses the servers main IP
host.com - uses shared ip
host2.com - uses shared ip
ns1.host.com - uses dedicated ip
ns2.host.com - uses dedicated ip

does that explain my situation a bit better/more?

 

[jayh38]

Okay, still kinda confused on this one. To explain further. The place I got my dedicated box from assigned me a main IP (which they put in cpanel as well to use for all virtual hosts) and bogus server name. I went in and changed the server name. I then went into cpanel and changed the shared ip (which was the main ip) to another ip I got from them so that I wouldn't have all virtual websites being ran off my main server ip. I do have a dns zone file for the following. I do have the ips that are being used right now reverse resolved (well at least they should be (but dont think they are)) but this issue came before the problem i'm having now with the ns1/ns2 not working at the moment.

servername.host.com - uses the servers main IP
host.com - uses shared ip
host2.com - uses shared ip
ns1.host.com - uses dedicated ip
ns2.host.com - uses dedicated ip

does that explain my situation a bit better/more?

For the domain in question, edit the dns zone of that domain and put in the FQN of the servers host name for the MX.

So instead of
domain.com 14400 in MX 0 domain.com
use
domain.com 14400 in MX 0 host.domain.com

This will happen if your root domain is on a dedicated IP and not on the share IP.

 

[pacificw]

I'm sorry Jay, can you explain that a bit differently, I'm not completely understanding what you're saying. the domain in question is blahdomain.com so what do I put for "host".blahdomain.com to make it work?

thanks for the help

 

[mtindor]

I'm sorry Jay, can you explain that a bit differently, I'm not completely understanding what you're saying. the domain in question is blahdomain.com so what do I put for "host".blahdomain.com to make it work?

thanks for the help

As Jay explained in:

So instead of
host.com 14400 in MX 0 host.com
use
host.com 14400 in MX 0 servername.host.com

Edit the DNZ zonefile for host.com. Find the MX entry - and to the right of MX 0 change 'host.com' to 'servername.host.com'

In the end you should have something like:

host.com 14400 in MX 0 servername.host.com as your only MX

When you go to DNSReports and type in 'host.com', it does a lookup of the MX (which currently points to host.com). It then attempts to connect to 'host.com' on the shared IP. The machine responds by introducing itself as servername.host.com (because that's the main hostname of the machine and is mapped to the main IP on the adapter).

DNSreports checks and resolves host.com to the shared IP and then checks and resolves servername.host.com to another IP.

I don't think that changing the MX is going to resolve this part of the DNSReport finding:

blahhawebhosts.com claims to be host spring.blahhawebhosts.com [but that host is at 67.xxx.26.xx (may be cached), not 208.xx.169.xxx].

As long as host.com resolves to 208.xx.169.xxx and servername.host.com resolves to 67.xxx.26.xx, DNSReports is going to continue saying this. What DNSReports is 'hoping' to find is that the MX for host.com resolves to the same IP address as the hostname that the machine announces itself as in the SMTP greeting.

host.com - 208.xx.169.xxx
servername.host.com - 67.xxx.26.xx

Exim announces itself as servername.host.com during EHLO. servername.host.com is 67.xxx.26.xx.

The only way to get rid of this message in DNSReports is to have host.com resolve to the same IP address as servername.host.com. This means that host.com would need to be hosted on the main IP address of the server.

Mike

 

[jayh38]

Either way, if you put in your full host name of the mail server, it will indeed resolve to the IP which handles the mail. This is what DNS report is looking for. I am not completely sure if the contrasting IP's are the same server or not but either way, you need to put in the fully qualified host name as your mail server.

If this is the box you have access to, then simply type in ssh,

hostname

to get the fully qualified name and you should also be able to ping the hostname as well.

One last comment, DNS Report may be cached so it may take up to a full day to see the error cleared.

Good luck.