#1
What was that URL
I did some googling and searching on this forum, but for the life of me, I can't find it. What is the URL to that web-based domain checking utility that was so popular a bit ago on this forum? It did all kinds of things, analyzing your domain, reverse IP, mail servers, webservers, and gave one large comprehensive report with successes, warnings and errors.
__________________
Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links: Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts |
#2
Sam Spade?? http://www.samspade.org/t/
__________________
Up the Irons What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home. "Death Before Dishonour, my Friends!!" - Bruce Dickinson, Iron Maiden Aug 20, 2005 @ OzzFest Down with Sharon Osbourne Puzzle of the Month solved by sizeablegrin, etienne141 and L7Sqr, superior C/C++ programmers of the month
#3
nah, it was better than that. All you did was enter your domain once and it gave ya a comprehensive report on all the things I described above.
#4
my first guess was Sam Spade but Scorpions4ever already mentioned it.
How about --> http://www.dnsreport.com
#5
www.dnsreport.com is a good starting point, but keep in mind that there are several flaws in their script as well as their self-invented standards. Though you can count on them most of the time, but for any failure you need to test those yourself for 100% accuracy.
BTW, SilentRage, your dollardns.org looks pretty ugly from their report. You should fix some of the misconfiguration ASAP if they are under your control.
#6
That's it. dnsreport is what I wanted.
Most of those warnings and stuff is related to how I setup hosting. ns1-2 is the same IP address and is used by people who want free hosting. I offer the free hosting from my home computer which is not as reliable. ns3-6 are external slave servers which update themselves based on the ns1 server. This way my paid hosting offer gives a person full control over their zone. Most hosts only offer A, CNAME, MX record support. So by using slave servers a user may update their domain on ns1 for the full control, but they use the ns3-6 for reliability.
As for the email thing, I host my own mail server, and I only got the one server. The mail server I chose to use doesn't appear to give the option of changing what it announces itself as. I won't be fixing that bug until I write my own simple SMTP server. I'm currently busy writing the dynamic IP client.
I was just curious as to what dnsreport had to say. Even you agree. I found it contradictory for you to down that script for its bugs and enforcing of made-up standards, and THEN tell me to fix my configuration to make it happy ASAP. In addition, the way you told me to fix my configuration can only be considered tactless and presuming.
Last edited by SilentRage : December 4th, 2003 at 09:52 PM.
#7
Thank you for your detailed explanation on ns1-2 and ns3-6 situation to defend yourself. But that wasn't what I refer to about the report.
Quote:

ns1.dollardns.org -> 68.51.39.58
ns2.dollardns.org -> 68.51.39.58
mail.dollardns.org -> 68.51.39.58
www.dollardns.org -> 68.51.39.58
dollardns.org -> 68.51.39.58
68.51.39.58 -> pcp456607pcs.shklfd01.ar.comcast.net

You can't deny the fact that you are putting your company's dns/www/mail at disadvantage when you said "from my home computer which is not as reliable" because you host dns/www/mail on comcast.net's cable at home?
Quote:

I don't blindly make assumption. It was based on evidence below.

The Mail thing
According to result of dnsreport:
WARN Open relay test
WARNING: One or more of your mailservers appears to be an open relay. If so, this means that you are allowing spammers to freely use the mailserver to send out spam!
WARNING: mail.dollardns.org appears to be an open relay: 250 OK

This does not mean you are running an open relay mail server, but indicates that you have misconfigured your mail server in some ways. To confirm that an actual mail delivery test is required. I didn't bother to test that for you, just reminded you to test that yourself to ensure you are not running an open relay. It could be the case that you drop mails at next level (after the acceptance of a MAIL TO), that would just be a waste of resource at worst. Running an open relay doesn't mean misconfiguration on itself, it could well be personal preference, if you think it that way.

The DNS thing
Code:
1) Let's query ns3.dollardns.org (you claimed it to be from a paid hosting elsewhere) non-recursively:
$dnsq any dollardns.org ns3.dollardns.org
255 dollardns.org:
271 bytes, 1+7+0+5 records, response, authoritative, noerror
query: 255 dollardns.org
answer: dollardns.org 900 SOA ns1.dollardns.org silentrage.dollardns.org 2003120404 3600 1800 1209600 900
answer: dollardns.org 900 NS ns3.dollardns.org
answer: dollardns.org 900 NS ns4.dollardns.org
answer: dollardns.org 900 NS ns5.dollardns.org
answer: dollardns.org 900 NS ns6.dollardns.org
answer: dollardns.org 900 MX 10 mail.dollardns.org
answer: dollardns.org 900 A 68.51.39.58
additional: ns3.dollardns.org 900 A 64.158.219.3
additional: ns4.dollardns.org 900 A 216.218.240.206
additional: ns5.dollardns.org 900 A 80.84.249.169
additional: ns6.dollardns.org 900 A 63.219.183.200
additional: mail.dollardns.org 900 A 68.51.39.58

2) Let's query ns2.dollardns.org (you claimed to host it yourself) non-recursively:
Code:
$dnsq any dollardns.org ns2.dollardns.org
255 dollardns.org:
271 bytes, 1+7+0+5 records, response, authoritative, weird ra, noerror
query: 255 dollardns.org
answer: dollardns.org 900 SOA ns1.dollardns.org silentrage.dollardns.org 2003120403 3600 1800 604800 900
answer: dollardns.org 900 NS ns5.dollardns.org
answer: dollardns.org 900 NS ns6.dollardns.org
answer: dollardns.org 900 NS ns3.dollardns.org
answer: dollardns.org 900 NS ns4.dollardns.org
answer: dollardns.org 900 A 68.51.39.58
answer: dollardns.org 900 MX 10 mail.dollardns.org
additional: ns3.dollardns.org 900 A 64.158.219.3
additional: ns4.dollardns.org 900 A 216.218.240.206
additional: ns5.dollardns.org 900 A 80.84.249.169
additional: ns6.dollardns.org 900 A 63.219.183.200
additional: mail.dollardns.org 900 A 68.51.39.58

3) Let's query ns2.dollardns.org for devshed.com:
Code:
$dnsq any devshed.com ns2.dollardns.org
255 devshed.com:
140 bytes, 1+2+2+2 records, response, weird ra, noerror
query: 255 devshed.com
answer: devshed.com 71115 NS ns8.us.siteprotect.com
answer: devshed.com 71115 NS ns9.us.siteprotect.com
authority: devshed.com 71115 NS ns9.us.siteprotect.com
authority: devshed.com 71115 NS ns8.us.siteprotect.com
additional: ns8.us.siteprotect.com 108414 A 64.41.72.9
additional: ns9.us.siteprotect.com 108414 A 66.113.136.9

The 3 query results show that your ns1.dollardns.org and ns2.dollardns.org are wild open for public use, where ns3.dollardns.org (your paid host) is not (without the weird ra error). According to FAQT: possibly launch Denial of Service (DOS) attacks against you at worst. Again, your personal preference for not to secure your DNS as much as possible. You can say you do that on purpose so your clients can use your ns1 and ns2 freely. Your clients as well can use the nameservers provided by their ISP. Though, most real ISPs allow their customers as well as anyone on earth to use their nameservers anyway because they have a huge customer base. Finally, it's all your personal preference.

My fault for using fix as the term to put you DNS expert down. I should have said: You should consider a change to some of the configuration ASAP if they are under your control instead. No hard feeling man, I don't self-claimed to be a DNS expert to put other people (especially a great DNS helper in devshed) down in purpose to make myself to look good. I am just trying to share my DNS experience with others and helping others. I am sure most members here know that based on my post count total.
Last edited by freebsd : December 4th, 2003 at 11:41 PM.
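The three dnsq results in post #7 differ in two header flags: "authoritative" (AA) and "weird ra" (RA set in the reply to a non-recursive query). As an added example that is not part of any post in this thread, the Python below classifies a reply by those flags so an operator can check their own nameserver. The sample headers are constructed to mirror the flags and record counts quoted above, and `build_query`, `classify`, `probe` and `sample_header` are names chosen here.

```python
import socket
import struct

# Header flag bits from RFC 1035 section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=255, qid=0x1234):
    """Encode a non-recursive query (RD clear); qtype 255 is ANY."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(response):
    """Classify a response by its header flags and answer count."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("not a response")
    aa, ra, rcode = bool(flags & AA), bool(flags & RA), flags & 0x000F
    if not ra:
        return "authoritative only" if aa else "no recursion offered"
    if aa:
        return "authoritative, but recursion offered"
    if rcode == 0 and an > 0:
        return "open recursion: answered a zone it does not host"
    return "recursion offered"

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(4096))

def sample_header(flags, an, ns, ar):
    """Constructed 12-byte header standing in for a captured reply."""
    return struct.pack("!HHHHHH", 0x1234, QR | flags, 1, an, ns, ar)

# Constructed samples mirroring the flags and record counts of the three dnsq results
SAMPLES = {
    "ns3 / dollardns.org": sample_header(AA, 7, 0, 5),
    "ns2 / dollardns.org": sample_header(AA | RA, 7, 0, 5),
    "ns2 / devshed.com": sample_header(RA, 2, 2, 2),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label}: {classify(pkt)}")
```

A server that also answers clients on a trusted network will show RA to those clients by design; the result that matters is the one obtained from an address outside that network.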
#8
"...to defend yourself"
Yes, I contemplated not saying my first two paragraphs cause it would seem like I'm defending myself - and even if it was, that doesn't necessarily mean there's something terribly wrong with it. But I think the main reason I mentioned all that was just the case of a person wanting to talk about their pet project, just cause they're proud of it. It's not a typical setup, but there are reasons for it.

"You can't deny the fact that you are putting your company's dns/www/mail at disadvantage when you said "from my home computer which is not as reliable" because you host dns/www/mail on comcast.net's cable at home?"
I certainly can't. I've looked for free options to get my mail domain working on somebody else's server, and haven't had much luck. Certainly I would rather host my webserver on my own machine just for the pure power of it all. No free service comes close. There are NO disadvantage with ns1 and ns2 being on my box. After all, it is merely the master server. It is not used to resolve my domain. And even if my house blew up or something, the slave servers would remain authoritative for 2 weeks. But yes, in the case of mail and www, I'm disadvantaged, but there are reasons.

"WARNING: mail.dollardns.org appears to be an open relay: 250 OK"
My mail server is not an open relay. It redirects all incoming mail to my mailbox. I looked for an option to just reject non handled mail, and it still brings up a warning on dnsreport. *shrug*. This isn't cool however, cause mail scanners may target me, and I'd be spammed with ads meant for other people. But I can block them, and it can wait until I write my own server.

"I don't blindly make assumption. It was based on evidence below."
The assumption wasn't that you thought my configuration was not up to your standards. The assumption was based on the fact that I was just asking for the url for the dns report utility, and some guy jumps in and tells me that my domain looks ugly in it and that I should fix it.
You "presumed" that I wanted your advice. It doesn't sit well with most people to be given advice when they didn't ask for it. It is even worse in the case where the recipient wasn't told anything they didn't know before - as if the recipient was ignorant and needed enlightenment.

"(you claimed it to be from a paid hosting elsewhere)"
No, I meant I use those servers to OFFER paid hosting. To host OTHER people's domains on those servers.

"The 3 query results show that your ns1.dollardns.org and ns2.dollardns.org are wild open for public use"
ns1 and ns2 are my home IP address. And I use it for my caching server. Yes, I could restrict caching to only local use, but I created the following script: http://www.dollardns.org/cgi-bin/DNSCrawler/index.pl
Notice that localserver in the server field? That's my server. I offer my own server as one means for people to test their dns configuration. So that is why I leave recursion available to the world. DNS takes very little bandwidth, and I don't suffer for it.

"launch Denial of Service (DOS) attacks against you at worst"
Offering recursion doesn't make me any more of a victim of DOS than I already am by having a public domain.

"I am just trying to share my DNS experience with others and helping others."
Well just share with and help those who ask for it. When I asked for the url it was to check my domain with it. It made your entire post redundant of my intentions.
#9
Quote:

99% of BIND users don't know the difference between a content nameserver and caching nameserver. Glad to see that you are the other 1%.
Quote:

www.dollardns.org -> 68.51.39.58
ns1.dollardns.org -> 68.51.39.58
ns2.dollardns.org -> 68.51.39.58
Your www and DNS are all local. I don't see why you can't restrict your caching nameserver for local use only without breaking your script.
Quote:

"Running Apache on UNIX is safer than on Windows, therefore I don't need to be caution for it."
This is a personal preference as well as a bad practice in the sysadmin world. Any software that can be tightened, do so, and be proactive. Don't wait until it breaks and apply patches afterward.
Quote:

Just because you are the original poster doesn't mean this thread solely belongs to you, it belongs to anyone who reads it and benefits/misleads from reading it. My intent was to let readers decide what's a wise/appropriate way to do DNS. I picked on you because you are a great DNS helper in devshed. Say I'm an auto mechanic and I see someone who is also an auto mechanic having a problem with his very own car he didn't even aware, I'd point out the problem to him (via PM here) or in front of his customers (the whole audience of devshed) but I chose to point that out in public. I apologize if you are losing face because of that.
Quote:

When everyone gets "250 OK", whether or not you drop the mails on the floor afterward after it's being accepted, that's to encourage spammers to use your mail server at worst. Whether the mails actually get delivered to their destination is another story. You claim that it isn't an open relay, good for you if it's really the case.
Last edited by freebsd : December 5th, 2003 at 07:34 AM.
#10
"99% of BIND users don't know the difference between a content nameserver and caching nameserver. Glad to see that you are the other 1%."
Not only do I know the difference between an authoritative server, and a caching server, I know that it is strongly discouraged to mix the two. But it is legal, and in my case appropriate due to the unique setup.

"Your www and DNS are all local. I don't see why you can't restrict your caching nameserver for local use only without breaking your script."
lol, so very true. I concede this point. I shall restrict it at once.

"Running Apache on UNIX is safer than on Windows, therefore I don't need to be caution for it."
This mockery is very applicable to exploits. But since offering recursion is not an exploit, it does not fall under that category. You can DOS a recursive dns server as easily as you can DOS any computer on the internet with a public domain REGARDLESS if it has open ports.

"Say I'm a auto mechanic and I see someone who is also a auto mechanic having a problem with his very own car he didn't even aware"
You're missing the point again. I don't fit that analogy cause I asked for the URL BECAUSE I wanted to check out my configuration for things I might need to change. So I WAS aware. Your post was redundant of my intentions.

"losing face"
I don't think I have. If people even ARE judging me, they would be judging me based upon my knowledge I've displayed thus far. Sure I make a mistake now and then like thinking I need to leave recursion open to the world, but that just means I'm human.

"that's to encourage spammers to use your mail server at worst"
I said much the same thing here: "This isn't cool however, cause mail scanners may target me, and I'd be spammed with ads meant for other people. But I can block them, and it can wait until I write my own server." (I've already seen this happen to a minor degree, and I KNOW it isn't relayed. YOU try to relay a mail through my server).
Last edited by SilentRage : December 5th, 2003 at 09:00 AM.
#11
Quote:

When you are done writing your own server, consider switching ISP to SpeakEasy.net. Why so? Because your IP is currently blacklisted on 5 blacklists solely comcast's fault and irrelevant to your mail server itself.
Quote:

Sorry I don't do that kind of test. If I test it on some sites your IP could be blacklisted all over (possibly 10+), not just 5. I don't do that kind of damage to others for no gain.
#12
yeah, that's another thing that I've been hating. I noticed the blacklisted deal. I'm actually considering making use of a virtual server, so that everything becomes gravy. I think I remember my uncle's use of a virtual server being quite inexpensive. Until then, I just don't send mail directly from my computer.
Oh dear no I'm not switching for speakeasy at all. I've done the DSL thing before. Cable is oh so much better. I download at a steady 380KB/s and seen spikes over 400KB/s, and I pay $50 a month. It's too much of course. I'd rather have faster upload than my 32KB/s. But a virtual server would make that unnecessary.
Last edited by SilentRage : December 5th, 2003 at 11:59 AM.
#13
Most co-located virtual servers' IPs are on at least 5+ rbl blacklists. At least 30% of them have financial interest for knowingly |