Open DNS servers and Missing (stealth) nameservers HUGE PROBLEMS!

Discussion in 'Bind / DNS / Nameserver Issues' started by andreaf, May 17, 2006.

Thread Status:
Not open for further replies.
  1. andreaf

    Hi there,
    I have a .it domain that I can surf; I can access the webmail and cPanel (the customer says he can't), and I can't create subdomains.

    Webmail, cPanel and subdomains have always worked for any .it domain we've hosted until a few days ago.
    Already created subdomains work, new ones don't.

    The customer who cannot access the webmail and cPanel features says he's not behind a firewall and stated that he could not access them even from abroad (access to the website, webmail and cPanel has been positively tested by users from various countries).

    Dnsreport.com shows me this:

    *********************************************************
    FAIL
    Open DNS servers

    ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

    Server 217.11.80.19 reports that it will do recursive lookups. [test]
    Server 217.11.80.2 reports that it will do recursive lookups. [test]

    -----

    FAIL
    Missing (stealth) nameservers

    FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

    ns.multilinkitalia.it.
    dns3.nic.it.
    lenna.easyasp.it.

    This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

    -----

    FAIL
    Missing nameservers 2

    ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
    dns2.multilink.net.
    dns1.multilink.net.

    *********************************************************

    We're on a semi-managed dedicated server.

    My questions are:
    1) Is the problem related to the domain registrar or to the manager of the server?
    2) We can access WHM; what steps do I have to take to deal with this problem?

    I REALLY NEED YOUR HELP!

    Thanks

    Andrea

    P.S.
    I can PM the address of the website if you want to check from your location.
     
  2. mkIV

    I am glad I am not the only one having this problem. I am also a new user on a new reseller account on a new host. I moved several domains over and I can't access them, nor can my members within a 200-mile area of my location. Outside this 200-mile area everyone can access the sites.

    I have been trying to fix this for the last 6 days now. Do you have any updates?
     
  3. vijeesh

    Open DNS

    An open DNS server means that anybody can do DNS lookups on your server.
    You can remove this by editing your named.conf file.

    vi /etc/named.conf

    options {
        // only these addresses may use this server for recursive lookups
        allow-recursion { 127.0.0.1; xxx.xxx.xxx.xxx; };
    };

    You can also add your server's IPs, other than the loopback IP.
     
  4. tweakservers

    For your name servers, make sure the ones you listed at your domain registrar are used or configured for the domain on your server. Apparently your DNS name servers are not in sync between your domain registrar and your DNS server.
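
Added example (not part of any post in this thread, and not cPanel's own code): shell functions for verifying the two fixes suggested above, the allow-recursion restriction and the registrar/zone NS sync, from captured dig output. The dig header lines are constructed; the NS names are the ones quoted in the DNS report in the first post; SERVER, ZONE and PARENT_SERVER are placeholders.

```sh
#!/bin/sh
# Added example: offline checks over captured dig output.
# Live input, run from a host that is NOT in the allow-recursion list:
#   dig @SERVER ZONE SOA                 -> pipe into advertises_recursion
#   dig +short NS ZONE @PARENT_SERVER    -> parent list for ns_diff
#   dig +short NS ZONE @SERVER           -> child list for ns_diff
export LC_ALL=C

# Exit 0 if the dig header on stdin has the "ra" (recursion available) flag.
advertises_recursion() {
    grep -Eq '^;; flags:[^;]* ra[ ;]'
}

# Lower-case, strip trailing dots, drop blanks, sort: one NS name per line.
normalize_ns() {
    tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# ns_diff PARENT_LIST CHILD_LIST: print "stealth NAME" for names only the
# zone's own servers return, "missing NAME" for names only the parent returns.
ns_diff() {
    p=$(mktemp) && c=$(mktemp) || return 1
    printf '%s\n' "$1" | normalize_ns > "$p"
    printf '%s\n' "$2" | normalize_ns > "$c"
    comm -13 "$p" "$c" | sed 's/^/stealth /'
    comm -23 "$p" "$c" | sed 's/^/missing /'
    rm -f "$p" "$c"
}

# Constructed dig headers: before and after restricting allow-recursion.
OPEN_HDR=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
CLOSED_HDR=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0'
# NS names as quoted in the DNS report in the first post.
PARENT_NS='dns1.multilink.net.
dns2.multilink.net.'
CHILD_NS='ns.multilinkitalia.it.
dns3.nic.it.
lenna.easyasp.it.'

for hdr in "$OPEN_HDR" "$CLOSED_HDR"; do
    if printf '%s\n' "$hdr" | advertises_recursion; then
        echo "recursion advertised:     $hdr"
    else
        echo "recursion not advertised: $hdr"
    fi
done
ns_diff "$PARENT_NS" "$CHILD_NS"
```

An empty ns_diff result means the NS set at the parent and the NS set served by the zone agree.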
     
  5. chirpy

    There are a multitude of threads that describe how to fix DNS recursion in BIND - please take the time to search the forums before starting a new thread on the topic.
     