October 9th, 2013, 05:00 AM
Accessibility of DNS nameservers across the globe
From Breda, the Netherlands on Wed Oct 9 11:18:25 CEST 2013
I tested the connectivity of my DNS setup for domain stokkie.net
at several places:
Is everything working OK from the Netherlands?
dnscheck dot sidn dot nl (NETHERLANDS GELDERLAND EDE)
Everything is fine ... :
Alle tests zijn in orde
stokkie dot net, 2013-10-09 10:26:56
Test uitgevoerd met DNSCheck v1.3.0
Is everything working OK from Romania ? :
www dot intodns dot com (ROMANIA RO CLUJ-NAPOCA)
My nameserver records are found, but intodns dot com cannot connect to
both of my nameserver IPs. For www dot stokkie dot net, intodns dot com
cannot retrieve an A record ... :
Category Status Test name Information send feedback
Parent Info Domain NS records Nameserver records returned by the
parent servers are:
ns1 dot stokkie dot net ['18.104.22.168'] [TTL=172800]
ns2 dot stokkie dot net ['22.214.171.124'] [TTL=172800]
a dot gtld-servers dot net was kind enough to give us that
Pass TLD Parent Check Good.
a dot gtld-servers dot net, the parent server I interrogated,
has information for your TLD. This is a good thing as there are
some other domain extensions like "co.us" for example that are
missing a direct check.
Pass Your nameservers are listed Good.
The parent server a.gtld-servers.net has your nameservers
listed. This is a must if you want to be found as anyone that
does not know your DNS servers will first ask the parent
Pass DNS Parent sent Glue Good.
The parent nameserver sent GLUE, meaning he sent your
nameservers as well as the IPs of your nameservers. Glue
records are A records that are associated with NS records to
provide "bootstrapping" information to the nameserver.(see RFC
1912 section 2.3)
Pass Nameservers A records Good.
Every nameserver listed has A records. This is a must if you
want to be found.
NS Info NS records from your nameservers
NS records got from your nameservers listed at
the parent NS are:
Oups! I could not get any nameservers from your nameservers
(the ones listed at the parent server). Please verify that they
are not lame nameservers and are configured properly.
Pass Recursive Queries Good.
Your nameservers (the ones reported by the parent server) do
not report that they allow recursive queries for anyone.
Pass Same Glue Hmm,I do not consider this to be an error yet,
since I did not detect any nameservers at your nameservers.
Pass Glue for NS records OK.
Your nameservers (the ones reported by the parent server) have
no ideea who your nameservers are so this will be a pass since
you already have a lot of errors!
Error Mismatched NS records WARNING: One or more of your
nameservers did not return any of your NS records.
Error DNS servers responded ERROR: One or more of your
nameservers did not respond:
The ones that did not respond are:
Pass Name of nameservers are valid OK.
The nameservers reported by the parent send out nothing as
shown above. I can't check nothing so it's a green!
Error Multiple Nameservers ERROR: Looks like you have less
than 2 nameservers. According to RFC2182 section 5 you must
have at least 3 nameservers, and no more than 7. Having 2
nameservers is also ok by me.
Pass Nameservers are lame OK. All the nameservers listed
at the parent servers answer authoritatively for your domain.
Pass Missing nameservers reported by parent OK. All NS records
are the same at the parent and at your nameservers.
Error Missing nameservers reported by your nameservers
You should already know that your NS records at your
nameservers are missing, so here it is again:
ns1 dot stokkie dot net
ns2 dot stokkie dot net
Pass Domain CNAMEs OK. RFC1912 2.4 and RFC2181 10.3 state
that there should be no CNAMEs if an NS (or any other) record
Pass NSs CNAME check OK. RFC1912 2.4 and RFC2181 10.3
state that there should be no CNAMEs if an NS (or any other)
record is present.
Pass Different subnets OK. Looks like you have nameservers
on different subnets!
Pass IPs of nameservers are public Ok. Looks like the IP
addresses of your nameservers are public. This is a good thing
because it will prevent DNS delays and other problems like
Pass DNS servers allow TCP connection OK.
Seems all your DNS servers allow TCP connections. This is a
good thing and useful even if UDP connections are used by
Pass Different autonomous systems OK. It seems you are safe
from a single point of failure. You must be careful about this
and try to have nameservers on different locations as it can
prevent a lot of problems if one nameserver goes down.
Pass Stealth NS records sent Ok. No stealth ns records
SOA Error SOA record No valid SOA record came back!
MX Error MX Records Oh well, I did not detect any MX records
so you probably don't have any and if you know you should have
then they may be missing at your nameservers!
WWW Error WWW A Record ERROR: I could not get any A records for
www dot stokkie dot net!
(I only do a cache request, if you recently added a WWW A
record, it might not show up here.)
Processed in 17.636 seconds.
Is everything working OK in Sweden ? :
dnscheck dot pingdom dot com (SE STOCKHOLM)
stokkie dot net 2013-10-09 10:30:56
Failed to find name servers of stokkie dot net/IN.
No name servers found at child.
No name servers could be found at the child. This usually means
that the child is not configured to answer queries about the zone.
Is everything working OK in the USA ? :
www dot dnsstuff dot com (TX AUSTIN)
DNSreport Results for stokkie dot net
Input domain stokkie dot net is not recognized.
Please run the DNSReport with proper input.
mxtoolbox dot com (US MASSACHUSETTS)
This SuperTool immediately finds ALL of my MX records. All is fine;
it even checks if the nameserver IPs are blacklisted and if an SMTP
test succeeds ..... SMTP test?
Connecting to 126.96.36.199
SendSMTPCommand: Timeout waiting for response after 15 seconds.
Connecting to 188.8.131.52
220 mail dot hardebol dot nl ESMTP Postfix (Ubuntu) [3026 ms]
EHLO please-read-policy dot mxtoolbox dot com
250-mail dot hardebol dot nl
250 DSN [749 ms]
MAIL FROM: <supertool at mxtoolbox dot com>
250 2.1.0 Ok [764 ms]
RCPT TO: <test at example dot com>
554 5.7.1 <test at example dot com>: Relay access denied [749 ms]
SendSMTPCommand: You hung up on us after we connected. Please
whitelist us. (connection lost)
My conclusion is that at my side, DNS and SMTP for domain stokkie.net are
properly configured, but that at other places (overseas in the USA
and other parts of Europe) not even the nameserver records for
stokkie dot net are retrievable through DNS. One can say DNS has evolved
into a broken system; I would say it's time to clean up questionable
DNS admins across the globe, who sometimes even are ordered to
block certain DNS UDP traffic.
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery dot org stock at stokkie dot net
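
The delegation checks the reports above run (do the servers named in the parent's glue answer at all, authoritatively, and with the same NS set?) can be reproduced per vantage point with a small wire-format parser. This is an added example, not part of the original post or of any tool quoted in it; the function names, the verdict labels and the SAMPLE bytes are constructed for illustration.

```python
import struct

def build_query(name, qid):
    """Non-recursive (RD=0) NS query; qid is a caller-chosen random 16-bit ID."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 2, 1)

def read_name(msg, off, hops=0):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels = []
    while (n := msg[off]):
        if n >= 0xC0:  # compression pointer; recursion depth bounded to stop loops
            if hops > 16:
                raise ValueError("compression pointer loop")
            tail = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)[0]
            return ".".join(filter(None, labels + [tail])), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return ".".join(labels), off + 1

def parse_ns_answer(msg):
    """Return (rcode, aa_flag, NS names in the answer section)."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off, ns = 12, set()
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 2:
            ns.add(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return flags & 0xF, bool(flags & 0x0400), ns

def classify(parent_ns, reply):
    """Judge one child server's reply (None = timeout) against the parent's NS set."""
    if reply is None:
        return "no-response"
    try:
        rcode, aa, ns = parse_ns_answer(reply)
    except (IndexError, struct.error, ValueError):
        return "malformed"
    if rcode or not aa or not ns:
        return "lame"
    return "ok" if ns == {n.lower().rstrip(".") for n in parent_ns} else "mismatch"

# Constructed reply (not captured traffic): AA set, two NS records for stokkie.net.
SAMPLE = bytes.fromhex("1234 8400 0001 0002 0000 0000 0773746f6b6b6965036e657400 0002 0001"
                       "c00c 0002 0001 0002a300 0006 036e7331c00c c00c 0002 0001 0002a300 0006 036e7332c00c")
```

Send the output of `build_query` to port 53 of each glue address over UDP and again over TCP (TCP adds a two-byte length prefix), then pass the raw reply, or `None` on timeout, to `classify`. An `ok` over TCP with `no-response` over UDP from the same vantage point points at UDP filtering rather than at the zone data.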