WRInaute impliqué
Bonjour,
Sur www.dnsreport.com j'ais 1 erreur critique et 2 warn , j'aimerais les corriger mais j'ais un peu de mal à comprendre les problèmes ( et les corriger ) , peut être quelqu'un sur ce forum pourrais m'aider ?
(critique ) Dans la rubrique OPEN DNS SERVER :
===========================================
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address.
===========================================
Je veut bien qu'il soit pas en open ... mais comment faire ?
J'ais aussi un warn dans SOA MNAME Check :
===========================================
WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: sdXXXX.sivit.org.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.
===========================================
et enfin un WARN dans Glue at parent nameservers:
===========================================
WARNING. The parent servers (I checked with m.gtld-servers.net.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.4, which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.
===========================================
Help s'il vous plait
EDIT :
Voici mon fichier hosts :
==================================================================
$ttl 38400
mondomaine.com. IN SOA sd1538.sivit.org. qsqssq.mondomaine.com. (
1126861079
10800
3600
604800
38400 )
mondomaine.com. IN NS ns1.mondomaine.com.
www.mondomaine.com. IN A 194.242.110.152
mail.mondomaine.com. IN A 194.242.110.152
ftp.mondomaine.com. IN A 194.242.110.152
ns1.mondomaine.com. IN A 194.242.110.152
mondomaine.com. IN A 194.242.110.152
mondomaine.com. IN NS ns2.sivit.org.
mondomaine.com. IN MX 10 mail.mondomaine.com.
mondomaine.com. IN TXT "v=spf1 a mx ptr ?all"
==================================================================
Note : le " qsqssq " à la premiere ligne je ne sais pas d'ou ca sort ... je l'ais pas inventé c'est comme ca dans le fichier hosts oO
Mon nom de domaine est configuré comme ceci :
DNS PRIMAIRE : ns1.mondomaine.com
DNS SECONDAIRE : ns2.sivit.org
Sur www.dnsreport.com j'ais 1 erreur critique et 2 warn , j'aimerais les corriger mais j'ais un peu de mal à comprendre les problèmes ( et les corriger ) , peut être quelqu'un sur ce forum pourrais m'aider ?
(critique ) Dans la rubrique OPEN DNS SERVER :
===========================================
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address.
===========================================
Je veut bien qu'il soit pas en open ... mais comment faire ?
J'ais aussi un warn dans SOA MNAME Check :
===========================================
WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: sdXXXX.sivit.org.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.
===========================================
et enfin un WARN dans Glue at parent nameservers:
===========================================
WARNING. The parent servers (I checked with m.gtld-servers.net.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.4, which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.
===========================================
Help s'il vous plait
EDIT :
Voici mon fichier hosts :
==================================================================
$ttl 38400
mondomaine.com. IN SOA sd1538.sivit.org. qsqssq.mondomaine.com. (
1126861079
10800
3600
604800
38400 )
mondomaine.com. IN NS ns1.mondomaine.com.
www.mondomaine.com. IN A 194.242.110.152
mail.mondomaine.com. IN A 194.242.110.152
ftp.mondomaine.com. IN A 194.242.110.152
ns1.mondomaine.com. IN A 194.242.110.152
mondomaine.com. IN A 194.242.110.152
mondomaine.com. IN NS ns2.sivit.org.
mondomaine.com. IN MX 10 mail.mondomaine.com.
mondomaine.com. IN TXT "v=spf1 a mx ptr ?all"
==================================================================
Note : le " qsqssq " à la premiere ligne je ne sais pas d'ou ca sort ... je l'ais pas inventé c'est comme ca dans le fichier hosts oO
Mon nom de domaine est configuré comme ceci :
DNS PRIMAIRE : ns1.mondomaine.com
DNS SECONDAIRE : ns2.sivit.org
