[dns-operations] Shameless plug for our Zonecheck software (Was: af.mil DNS issue

Brad Knowles brad at stop.mail-abuse.org
Sat Jul 1 04:36:11 UTC 2006

Joseph S D Yao said:

>> - Not running accepting TCP queries is marked as a failure
> Well?  It is!  Name servers should be able to accept both.  Just in
> case, you know.

Yeah, but this isn't necessarily the fault of the nameserver -- it could
be the result of an ignorant or overly aggressive firewall administrator,
for example.

Of course, there are certain authors who would argue that the requirement
to support TCP is inherently broken, but I don't think we want to go down
that rathole.

At the very least, I think we can argue that this should be considered a
serious warning, but I do not believe that it should necessarily be
considered a drop-dead forget-testing-anything-else failure.

>> - Having 2 (out of 8) nameservers using the same address is marked as
>> an error
> And it isn't for what reason?

So long as two of them have different IP addresses, you should be okay. 
If the same machine has different names and more than one name for that
machine is listed as an NS for a given zone, then it shouldn't necessarily
be considered a hard error.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.
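The grading argued for in the message above, sketched as an added example (not part of the original post and not Zonecheck's code): a missing TCP answer is a serious warning that does not stop further tests, and a shared address is a hard error only when fewer than two distinct addresses remain. The function name, severity labels, and sample data are assumptions made for illustration; TCP probe results are taken as input so the example runs offline.

```python
from collections import defaultdict
from ipaddress import ip_address


def grade_delegation(ns_addrs, tcp_ok):
    """Grade a delegation.

    ns_addrs: {nameserver name: [address strings]} as listed for the zone.
    tcp_ok:   {address string: bool} results of TCP probes done elsewhere.
    Returns a list of (severity, message); every check always runs.
    """
    owners = defaultdict(set)          # normalized address -> NS names using it
    for name, addrs in ns_addrs.items():
        for addr in addrs:
            owners[ip_address(addr)].add(name.lower().rstrip("."))
    tcp = {ip_address(k): v for k, v in tcp_ok.items()}

    findings = []
    # Hard error only if the zone does not have two different addresses.
    if len(owners) < 2:
        findings.append(("error", f"only {len(owners)} distinct nameserver address(es)"))
    # Several NS names on one address: reported, but not a hard error.
    for ip in sorted(owners, key=str):
        if len(owners[ip]) > 1:
            findings.append(("warning", f"{ip} is shared by {', '.join(sorted(owners[ip]))}"))
    # No TCP answer: may be the server or a firewall in the path.
    for ip in sorted(owners, key=str):
        if not tcp.get(ip, False):
            findings.append(("serious warning", f"{ip} did not answer over TCP"))
    return findings


# Constructed sample: 8 NS names, two of them on the same address,
# and one address that does not answer TCP (documentation range 192.0.2.0/24).
SAMPLE_NS = {f"ns{i}.example.org.": [f"192.0.2.{i}"] for i in range(1, 8)}
SAMPLE_NS["ns8.example.org."] = ["192.0.2.7"]
SAMPLE_TCP = {f"192.0.2.{i}": i != 3 for i in range(1, 8)}

if __name__ == "__main__":
    for severity, message in grade_delegation(SAMPLE_NS, SAMPLE_TCP):
        print(f"{severity}: {message}")
```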
