Thread: SOA and MX

    #1
  1. No Profile Picture
    Masked Chicken
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2001
    Location
    Ohio/Pennsylvania
    Posts
    107
    Rep Power
    14

    SOA and MX


    I was told my SOA and MX are highly misconfigured.
    What should I do?

    skeasor
    ____________
    Thanks,
    Skeasor

    Got Debian Linux?
    www.debian.org
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    Because sierraweb.com (your host) doesn't have a clue what DNS is. Should you continue to host with them, your site(s) will suffer timeouts, unreachable errors, or the like.

    First off, their DNS is misconfigured.

    # dnsqr soa sierraweb.com
    6 sierraweb.com:
    78 bytes, 1+1+0+0 records, response, noerror
    query: 6 sierraweb.com
    answer: sierraweb.com 3600 SOA sierraweb.com hostmaster.sierraweb.com 1806903785 1800 300 172800 3600

    - sierraweb.com is NOT an FQDN.
    - SOA is not the one in bold above (sierraweb.com). It should be ns1.sierraweb.com.
    - ns1.sierraweb.com resolves to 216.218.219.2, which has a broken reverse. As a host, you must have a working reverse.
    dnsname 216.218.219.2 returns nothing.
    - MX with a broken reverse is extremely bad as a host.

    # dnsmx sierraweb.com

    20 smtp.sierraweb.com
    10 mail.sierraweb.com

    smtp.sierraweb.com has the same IP as ns1.sierraweb.com. To have a more reliable MX, they need to change smtp.sierraweb.com to ns1.sierraweb.com. Anyhow, their reverse is broken, so don't host with them.

    Now let's check your zone record:

    # dnsqr soa susquenita.com
    6 susquenita.com:
    89 bytes, 1+1+0+0 records, response, noerror
    query: 6 susquenita.com
    answer: susquenita.com 43200 SOA susquenita.com hostmaster.sierraweb.com 2840239817 3600 1800 1209600 43200

    - The SOA for your domain must be ns1.sierraweb.com so the authority
    can be traced to the roots.

    # dnsmx susquenita.com

    10 mail.susquenita.com

    - Each MX should be known by ONE FQDN that gives you the fastest DNS lookup, when multiple FQDNs resolve to the same IP. So whatever FQDN of xxx.susquenita.com has the highest preference, set your MX to it. You also can set your MX to skeasor.static.pa.net for more reliability.

    Do the same for your other domain. There are more misconfigurations but they are minor and I am not going to spend more time to point those out here.
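
The checks the reply above does by hand, as an added example that is not part of the original posts: it parses a dnsqr SOA answer line, flags an MNAME that is the bare zone name, and tests whether an MX host has a working reverse. The function names, the nameserver set passed to `soa_findings`, and the injected lookup tables are assumptions; the answer line and the IP are copied from the reply.

```python
# Added example: the SOA / reverse-DNS checks from the reply, run offline.
from collections import namedtuple

SOA = namedtuple("SOA", "zone ttl mname rname serial refresh retry expire minimum")

def parse_dnsqr_soa(line):
    """Parse a dnsqr 'answer: <zone> <ttl> SOA <mname> <rname> <5 ints>' line."""
    parts = line.split()
    if len(parts) != 11 or parts[0] != "answer:" or parts[3] != "SOA":
        raise ValueError("not a dnsqr SOA answer line: %r" % line)
    zone, ttl, mname, rname = parts[1], int(parts[2]), parts[4], parts[5]
    return SOA(zone, ttl, mname, rname, *map(int, parts[6:]))

def soa_findings(soa, ns_names):
    """Flag the SOA problems the reply points out."""
    findings = []
    if soa.mname == soa.zone:
        findings.append("MNAME is the bare zone name, not a nameserver host")
    if soa.mname not in ns_names:
        findings.append("MNAME %s is not one of the zone's nameservers" % soa.mname)
    return findings

def reverse_findings(host, forward, reverse):
    """Check forward-confirmed reverse DNS using injected lookup tables."""
    ip = forward.get(host)
    if ip is None:
        return ["%s has no A record" % host]
    ptr = reverse.get(ip)
    if ptr is None:
        return ["%s (%s) has no PTR record" % (host, ip)]
    if forward.get(ptr) != ip:
        return ["PTR %s for %s does not resolve back to it" % (ptr, ip)]
    return []

# Answer line copied from the reply's dnsqr output.
LINE = ("answer: susquenita.com 43200 SOA susquenita.com "
        "hostmaster.sierraweb.com 2840239817 3600 1800 1209600 43200")
# Lookup tables: the shared IP and the empty reverse are as reported in the reply.
FORWARD = {"ns1.sierraweb.com": "216.218.219.2", "smtp.sierraweb.com": "216.218.219.2"}
REVERSE = {}  # dnsname 216.218.219.2 returned nothing

if __name__ == "__main__":
    soa = parse_dnsqr_soa(LINE)
    # Assumption: ns1.sierraweb.com is the zone's only listed nameserver.
    for f in soa_findings(soa, {"ns1.sierraweb.com"}):
        print("SOA:", f)
    for f in reverse_findings("smtp.sierraweb.com", FORWARD, REVERSE):
        print("MX:", f)
```

To run the same checks against live DNS, replace the two tables with real A and PTR lookups.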
  4. #3
  5. No Profile Picture
    Masked Chicken
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2001
    Location
    Ohio/Pennsylvania
    Posts
    107
    Rep Power
    14

    you know your stuff...


    You really know your stuff about this whole networking business. How long have you been studying?

    skeasor
    ____________
    Thanks,
    Skeasor

    Got Debian Linux?
    www.debian.org
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    Been working for years.

    Actually DNS is a rather simple protocol but too many dnsadmins are just clueless. I believe at least 30% of DNS servers on the net are misconfigured in some ways. Who should they blame that on? BIND developers.
