[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Can't resolve hijiffy.com on Googloe Public DNS



TESTS:

Follow IntoDNS on 
Twitter


CategoryStatusTest nameInformation
ParentInfoDomain NS recordsNameserver records returned by the parent servers are:

ns-73.awsdns-09.com.   ['205.251.192.73']   [TTL=172800] 
ns-715.awsdns-25.net.   ['205.251.194.203']   [TTL=172800] 
ns-1635.awsdns-12.co.uk.   ['205.251.198.99'] (NO GLUE)   [TTL=172800] 
ns-1434.awsdns-51.org.   ['205.251.197.154'] (NO GLUE)   [TTL=172800] 

a.gtld-servers.net was kind enough to give us that information. 

Web hosting - Hosterion

PassTLD Parent CheckGood. a.gtld-servers.net, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check.
PassYour nameservers are listedGood. The parent server a.gtld-servers.net has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
InfoDNS Parent sent GlueThe parent nameserver a.gtld-servers.net is not sending out GLUE for every nameservers listed, meaning he is sending out your nameservers host names without sending the A records of those nameservers. It's ok but you have to know that this will require an extra A lookup that can delay a little the connections to your site. This happens a lot if you have nameservers on different TLD (domain.com for example with nameserver ns.domain.org.)
PassNameservers A recordsGood. Every nameserver listed has A records. This is a must if you want to be found.
NSInfoNS records from your nameserversNS records got from your nameservers listed at the parent NS are:

ns-1434.awsdns-51.org  ['205.251.197.154']   [TTL=3600] 
ns-1635.awsdns-12.co.uk  ['205.251.198.99']   [TTL=3600] 
ns-715.awsdns-25.net  ['205.251.194.203']   [TTL=3600] 
ns-73.awsdns-09.com  ['205.251.192.73']   [TTL=3600] 

PassRecursive QueriesGood. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone.
PassSame GlueThe A records (the GLUE) got from the parent zone check are the same as the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do according to the RFC. This tests only nameservers that are common at the parent and at your nameservers. If there are any missing or stealth nameservers you should see them below!
InformationGlue for NS recordsINFO: GLUE was not sent when I asked your nameservers for your NS records.This is ok but you should know that in this case an extra A record lookup is required in order to get the IPs of your NS records. The nameservers without glue are: 
205.251.194.203
205.251.192.73
205.251.198.99
205.251.197.154
You can fix this for example by adding A records to your nameservers for the zones listed above.
PassMismatched NS recordsOK. The NS records at all your nameservers are identical.
PassDNS servers respondedGood. All nameservers listed at the parent server responded.
PassName of nameservers are validOK. All of the NS records that your nameservers report seem valid.
PassMultiple NameserversGood. You have multiple nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
PassNameservers are lameOK. All the nameservers listed at the parent servers answer authoritatively for your domain.
PassMissing nameservers reported by parentOK. All NS records are the same at the parent and at your nameservers.
PassMissing nameservers reported by your nameserversOK. All nameservers returned by the parent server a.gtld-servers.net are the same as the ones reported by your nameservers.
PassDomain CNAMEsOK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
PassNSs CNAME checkOK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
PassDifferent subnetsOK. Looks like you have nameservers on different subnets!
PassIPs of nameservers are publicOk. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like
PassDNS servers allow TCP connectionOK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default.
PassDifferent autonomous systemsOK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down.
PassStealth NS records sentOk. No stealth ns records are sent
SOAInfoSOA recordThe SOA record is:
Primary nameserver: ns-715.awsdns-25.net
Hostmaster E-mail address: awsdns-hostmaster.amazon.com
Serial #: 1 
Refresh: 7200 
Retry: 900 
Expire: 1209600   2 weeks
Default TTL: 86400 
PassNSs have same SOA serialOK. All your nameservers agree that your SOA serial number is 1.
PassSOA MNAME entryOK. ns-715.awsdns-25.net That server is listed at the parent servers.
PassSOA SerialYour SOA serial number is: 1. The recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. 
Your SOA serial appears to be the number of seconds since midnight 01 Jan 1970 when the last DNS change was made. That seems to be 1969/12/31 18:0:1
PassSOA REFRESHOK. Your SOA REFRESH interval is: 7200. That is OK
PassSOA RETRYYour SOA RETRY value is: 900. Looks ok
PassSOA EXPIREYour SOA EXPIRE number is: 1209600.Looks ok
PassSOA MINIMUM TTLYour SOA MINIMUM TTL is: 86400. This value was used to serve as a default TTL for records without a given TTL value and now is used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours. Your value of 86400 is OK.
MXInfoMX RecordsYour MX records that were reported by your nameservers are:

1   aspmx.l.google.com   66.102.1.27 (no glue) 
10   alt3.aspmx.l.google.com   64.233.187.26 (no glue) 
10   alt4.aspmx.l.google.com   173.194.203.26 (no glue) 
5   alt1.aspmx.l.google.com   209.85.233.27 (no glue) 
5   alt2.aspmx.l.google.com   74.125.200.27 (no glue) 

[These are all the MX records that I found. If there are some non common MX records at your nameservers you should see them below. ]
PassDifferent MX records at nameserversGood. Looks like all your nameservers have the same set of MX records. This tests to see if there are any MX records not reported by all your nameservers and also MX records that have the same hostname but different IPs
PassMX name validityGood. I did not detect any invalid hostnames for your MX records.
PassMX IPs are publicOK. All of your MX records appear to use public IPs.
PassMX CNAME CheckOK. No problems here.
PassMX A request returns CNAMEOK. No CNAMEs returned for A records lookups.
PassMX is not IPOK. All of your MX records are host names.
PassNumber of MX recordsGood. Looks like you have multiple MX records at all your nameservers. This is a good thing and will help in preventing loss of mail.
PassMismatched MX AOK. I did not detect differing IPs for your MX records.
PassDuplicate MX A recordsOK. I have not found duplicate IP(s) for your MX records. This is a good thing.
PassReverse MX A records (PTR)Your reverse (PTR) record:
27.1.102.66.in-addr.arpa ->  wb-in-f27.1e100.net
26.187.233.64.in-addr.arpa ->  tj-in-f26.1e100.net
26.203.194.173.in-addr.arpa ->  pg-in-f26.1e100.net
27.233.85.209.in-addr.arpa ->  lr-in-f27.1e100.net
27.200.125.74.in-addr.arpa ->  sa-in-f27.1e100.net
You have reverse (PTR) records for all your IPs, that is a good thing.
WWWErrorWWW A RecordERROR: I could not get any A records for www.hijiffy.com!

(I only do a cache request, if you recently added a WWW A record, it might not show up here.)

DNSSEC shows ERRORS  



  • com to hijiffy.com: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (205.251.192.73, 205.251.194.203, 205.251.197.154, 205.251.198.99, 2600:9000:5300:4900::1, 2600:9000:5302:cb00::1, 2600:9000:5305:9a00::1, 2600:9000:5306:6300::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
  • com to hijiffy.com: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no DS RR matched a DNSKEY with algorithm 13 that signs the zone's DNSKEY RRset. (205.251.192.73, 205.251.194.203, 205.251.197.154, 205.251.198.99, 2600:9000:5300:4900::1, 2600:9000:5302:cb00::1, 2600:9000:5305:9a00::1, 2600:9000:5306:6300::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
  • hijiffy.com/A: No RRSIG covering the RRset was returned in the response. (205.251.192.73, 205.251.194.203, 205.251.197.154, 205.251.198.99, 2600:9000:5300:4900::1, 2600:9000:5302:cb00::1, 2600:9000:5305:9a00::1, 2600:9000:5306:6300::1, UDP_0_EDNS0_32768_4096)
  • hijiffy.com/MX: No RRSIG covering the RRset was returned in the response. (205.251.192.73, 205.251.194.203, 205.251.197.154, 205.251.198.99, 2600:9000:5300:4900::1, 2600:9000:5302:cb00::1, 2600:9000:5305:9a00::1, 2600:9000:5306:6300::1, UDP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_512)
  • hijiffy.com/NS: No RRSIG covering the RRset was returned in the response. (205.251.192.73, 205.251.194.203, 205.251.197.154, 205.251.198.99, 2600:9000:5300:4900::1, 2600:9000:5302:cb00::1, 2600:9000:5305:9a00::1, 2600:9000:5306:6300::1, UDP_0_EDNS0_32768_4096)
  • hijiffy.com/SOA: No RRSIG covering the RRset was returned in the response. (205.251.192.73, 205.251.194.203, 205.251.197.154, 205.251.198.99, 2600:9000:5300:4900::1, 2600:9000:5302:cb00::1, 2600:9000:5305:9a00::1, 2600:9000:5306:6300::1, TCP_0_EDNS0_32768_4096, UDP_0_EDNS0_32768_4096)
  • hijiffy.com/TXT: No RRSIG covering the RRset was returned in the response. (205.251.192.73, 205.251.194.203, 205.251.197.154, 205.251.198.99, 2600:9000:5300:4900::1, 2600:9000:5302:cb00::1, 2600:9000:5305:9a00::1, 2600:9000:5306:6300::1, UDP_0_EDNS0_32768_4096)

Need some help, contacted AWS but they pointed to the ISP and we have this problem since Monday with no resolution :\

--
--
========================================================
You received this message because you are subscribed to the Google
Groups "public-dns-discuss" group.
To post to this group, send email to public-dns-discuss AT googlegroups.com
To unsubscribe from this group, send email to
public-dns-discuss+unsubscribe AT googlegroups.com
For more options, visit this group at
http://groups.google.com/group/public-dns-discuss
For more information on Google Public DNS, please visit
http://developers.google.com/speed/public-dns
========================================================
---
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
For more options, visit https://groups.google.com/d/optout.