Www.dnsreport.com - FAIL sections?


#1

Hello.

I recently transferred domain vesic.org to DreamHost. One of the usual checks that I perform afterwards is to see what http://www.dnsreport.com/ says about new domain parameters.

I found couple of FAIL sections:

Lame nameservers:

“ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
66.33.216.216
66.201.54.66”

Stealth NS record leakage:

"Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [TLD4.ULTRADNS.ORG.]!
Stealth nameservers are leaked [TLD5.ULTRADNS.info.]!
Stealth nameservers are leaked [TLD6.ULTRADNS.CO.UK.]!
Stealth nameservers are leaked [TLD1.ULTRADNS.NET.]!
Stealth nameservers are leaked [TLD2.ULTRADNS.NET.]!
Stealth nameservers are leaked [TLD3.ULTRADNS.ORG.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries."

Do you have same problems with your domains?


Regards,
Dejan Vesiæ

http://www.vesic.org/english


#2

For one domain registered at dreamhost, I get the same result.
For another domain not registered at dreamhost but hosted at dreamhost, get the following result:

ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
66.201.54.66
66.33.216.216

but I am fine for the other:
Your DNS servers do not leak any stealth NS records (if any) in non-NS requests.


#3

Aye, I set my domain to hit the three ns1/2/3.dreamhost.com DNS servers. And after 24 hours - this is what I get:

WARN All nameservers report identical NS records

WARNING: At least one of your nameservers did not return your NS records (it reported 0 answers). This could be because of a referral, if you have a lame nameserver (which would need to be fixed).

66.201.54.66 returns 0 answers (may be a referral)

FAIL All nameservers respond ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones that did not respond are:

66.33.216.216

FAIL Lame nameservers

ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
66.201.54.66


#4

I’d normally take this with a pinch of salt, but I have been seeing a lot of name resolution slowness from DH lately…

ERROR: Some of your nameservers listed at the parent nameservers did not respond. The ones that did not respond are:

66.201.54.66
66.33.206.206