Re: Should be dnsreport.com

From: Michael Wise
Date: Tuesday, December 23, 2003
Time: 10:00:20 am

At 6:38 AM -0600 12/23/03, Len Conrad wrote:

>>Feel free to look up my domain "goya.com.au".
>
>DNSReport says it won't give your domain a green PASS but a big, fat
>YELLOW WARN:
>
>"Your NS records APPEAR to be:"
>
>Len: the "APPEAR" suggests they might be something else. Why the
>doubt? But they aren't, there's no doubt. The APPEAR is totally
>misleading, and anybody anywhere who wants to KNOW what the NS
>records are (this includes the "apparently" incapable DNSReport)
>learns them simply by asking the .au parent NSs what they ARE:
>
># dig @ns1.ausregistry.net goya.com.au. ns
>
>; <<>> DiG 9.2.3rc3 <<>> @ns1.ausregistry.net goya.com.au. ns
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58744
>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;goya.com.au. IN NS
>
>;; AUTHORITY SECTION:
>goya.com.au. 3600 IN NS ns1.telstra.net.
>goya.com.au. 3600 IN NS mail.goya.com.au.
>
>There, that didn't APPEAR too hard, did it? DNS isn't a fuzzy,
>hit-and-miss, probabilistic protocol.


That's odd. Your very own product (DNS Expert 1.6) had this to say in
its analysis report of goya.com.au:

>Errors
>----------------------------------------------------------------------
>o Unable to resolve the name "mail.goya.com.au." because glue data
> for the domain "goya.com.au." is missing
> The delegation data for "goya.com.au." indicates that the host
> "mail.goya.com.au." contains authoritative data for the zone, but
> there is not enough data available to locate "mail.goya.com.au.".
> Therefore, it will not be possible to use "mail.goya.com.au." when
> checking the zone.


Now what were you saying about misleading missing glue alerts? Please
note that DNS Expert did not use the word "warning"; it used the word
"error."



>"NOTE: These records may be inaccurate"
>
>Len's NOTE: BS alert!! Weasel-words alert!! What's inaccurate is DNSReport.
>
>
>"... since the parent servers (ns.ripe.net.) do not know the NS
>records for goya.com.au"
>
>ns.ripe.net is not the "parent servers", it's just one of 9 servers
>delegated with authority for com.au.
>
>and the above DNSReport comment is absolutely wrong, and proved so
>by a single query:



Then you are also saying that your own $495 product is
inaccurate....yes? DNS Expert also had this _error_:


>o Unable to locate an authoritative name server for
> "mail.goya.com.au."
> It was not possible to locate an authoritative name server for
> the domain "mail.goya.com.au.". No further testing of the zone
> will be possible.


My my...better put those rocks down.

>
>
>
>tx1# dig @ns.ripe.net goya.com.au any
>
>; <<>> DiG 9.2.3 <<>> @193.0.0.193 goya.com.au any
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9142
>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;goya.com.au. IN ANY
>
>;; AUTHORITY SECTION:
>goya.com.au. 3600 IN NS mail.goya.com.au.
>goya.com.au. 3600 IN NS ns1.telstra.net.
>
>
>(or give a referral to other DNS servers)!"
>
>Why the melodramatic "!" The above response is a boring, banal
>referral. ns.ripe.net DOES know EXACTLY the NS delegation records
>for goya.com.au, and returns them as non-parenthetical "referral",
>which is exactly what ns.ripe.net (as parent NS for com.au) is
>supposed to do.
>
>"This may cause other tests not to work properly, such as the
>'Nameservers on separate class C' test."
>
>Len's translation: "this irresponsibly bogus WARNing may cause other
>bogus DNSreport tests to give more irresponsibly bogus warnings or
>outright bogus failures".


Again, I direct you back to a similar and more alarming response
generated by your very own product.



>ie, the "problem" is totally within DNSReport, and not with
>goya.com.au, nor with any part of Internet.
>
>btw, before anyone starts throwing around inflammatory words like
>"hate", he should know that I have really tried, directly with
>Scott, to make his DNSReport better by correcting this and other
>faults, but he refuses to learn how DNS works and refuses to correct
>his reports.


I can't imagine your approach has anything to do with it.



>Not a very responsible position for a service that pretends to help
>people with their DNS.

It helps a lot of people every day. I know a lot of people on this
and the EIMS list use it regularly. That must be because we're all
DNS ignorant or novices.


>And I would say the majority of people who use DNSReport are DNS
>ignorant or novices,


Again, unfounded speculation on your part.



>since DNS experts use dig and other geeky tools for the DNS queries
>and analysis.


Has it occurred to you that DNS experts or experts in anything, for
that matter, do not limit themselves in their tools? Is it that
inconceivable for people to use CLI tools like dig, whois, nslookup,
host, etc. as well as GUI tools? I'm not so sure why you seem so
intent on believing it's either one or the other.

Is your product, DNS Expert, directed at the "DNS ignorant" and
"novices"? After all, it has essentially the same purpose as
dnsreport.

Even more, it's also a bit of a surprise to see you label users of
dnsreport (and by extension, DNS Expert users as well) as ignorant
novices.


I'm wondering if you have any clue of who the average QDNS user is? I
think you know as well as I that QDNS built its house on sales to Mac
managers who a) wanted to run dns in house and b) had no clue how
to set up BIND. Where do you think menandmice.com would be today
without all of us "dns ignorant novices" who bought your products
throughout the 90's?

Even now that it is not its own server, but a GUI front-end
management for BIND....many true "geeks" would label anybody using
such a GUI tool as too lazy or ignorant to learn how to manage BIND
through a CLI. Is that a fair assessment? No, but it's very similar
(in cause and effect) to your sweeping condescension at those who use
dnsreport (and by extension, DNS Expert).


>Is DNSReports helpful? yes, of course. No one is saying it isn't.


Well you seem to be doing a good job trying to convince people it is
everything but...without saying so directly.



>
>>I registered my domain name with (what used to be at the time) the
>>only domain register for .au domains. I didn't have any choice to
>>register with any one else.
>>They manage the delegation for me. I've set up the domain properly,
>
>... everything about your delegation is done properly..
>
>> but my domain gives this message when run through dnsreports.
>
>... so, confirming yet again, the WARNING is totally useless and misleading.


Is Men and Mice's DNS Expert 1.6's _ERROR_ message even more useless
and misleading?


>
>>If you could, explain how I could alter my domain reg/delegation to
>>work any differently that wouldn't give this warning.
>
>the "false problem" is that your .au domain is delegated to a .net
>NS. Which means that when ns1.telstra.net is queried for your
>domain, all the delegation records are returned (aka a "referral")
>but only the .au glue is returned:


OK, now please be so kind as to tell us how to prevent DNS Expert 1.6
from insisting there are three ERRORS with the goya.au.com zone?


>
># dig @ns1.telstra.net goya.com.au. ns
>
>; <<>> DiG 9.2.3rc3 <<>> @ns1.telstra.net goya.com.au. ns
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62323
>;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
>;; QUESTION SECTION:
>;goya.com.au. IN NS
>
>;; ANSWER SECTION:
>goya.com.au. 86400 IN NS mail.goya.com.au.
>goya.com.au. 86400 IN NS ns1.telstra.net.
>
>;; ADDITIONAL SECTION:
>mail.goya.com.au. 86400 IN A 203.222.103.130
>
>tisk, tisk, the A record for ns1.telstra.net. is "missing". This
>is absolutely no error,


Sure it is.



>and is absolutely no problem. A querying DNS would then obtain the
>"missing" A record, aka "fetch the glue", by querying for
>ns1.telstra.net:


Great, so it's an error which can be worked around automatically.
However, it is also an error which can be fixed by taking a few
seconds to create the A record. If it's still no big deal, can we
expect to see you remove all of your NS servers' A records? After
all, if they're really not needed....having them there just takes up
space...right?

I certainly would like to know about such missing records in any of
my zones and would definitely consider such to be a problem
warranting fixing.



>Why doesn't .au NS have the A record for the .net NS? Because any
>.net A record is "out of zone" for the .au parent NS. (and vice
>versa). This is how DNS works.


Indeed, which is why I never worry about those types of dnsreport
warnings for my .cx zones....just as I categorically ignore the
warning of not having a back-up MX. However, this does not take away
the FREE value dnsreport brings to me and many others.


>In fact, the (Verisign) gTLD servers used to be the parent NSs for
>.com, .net, and .org. (The .org domain was stripped from Verisign
>and given ISOC and ISOC's NSs.) So ALL .com and .net domains
>delegated to an .org NS will also be erroneously flagged as "missing
>glue" at the .com and .net NSs. Likewise all .org domains delegated
>to .net or .com NSs (or ANY non-.org NS) will be WARNed by DNSReport
>as "missing glue".


And ERRORed by DNS Expert for the exact same thing.



--Mike
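
Added example, not part of the original message and not code from DNSReport or DNS Expert: a small Python check that reads dig-style output and reports, for each NS target, whether it lies inside the answering server's zone and whether an address record for it came back in the same response. The sample text is the record lines from the dig output quoted in the thread; the names glue_report and in_bailiwick, and the choice of "com.au." and "goya.com.au." as the answering servers' zones, are assumptions made for the illustration.

```python
import re

# Constructed sample: record lines retyped from the dig output quoted in
# the thread (parent referral first, then the answer from ns1.telstra.net).
PARENT_REFERRAL = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; AUTHORITY SECTION:
goya.com.au. 3600 IN NS ns1.telstra.net.
goya.com.au. 3600 IN NS mail.goya.com.au.
"""
CHILD_ANSWER = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
goya.com.au. 86400 IN NS mail.goya.com.au.
goya.com.au. 86400 IN NS ns1.telstra.net.
;; ADDITIONAL SECTION:
mail.goya.com.au. 86400 IN A 203.222.103.130
"""
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA)\s+(\S+)$")

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it, compared by label."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def glue_report(dig_text, server_zone):
    """Classify each NS target in one response; server_zone is an assumed input."""
    ns, addrs = [], set()
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # dig comments, section headers, blank lines
        owner, rtype, rdata = m.groups()
        if rtype == "NS":
            ns.append(rdata.lower())
        else:
            addrs.add(owner.lower())  # owner of an A/AAAA record
    report = {}
    for target in ns:
        if not in_bailiwick(target, server_zone):
            report[target] = "out-of-zone: no glue expected, resolve separately"
        elif target in addrs:
            report[target] = "in-zone: glue present"
        else:
            report[target] = "in-zone: glue not in this response"
    return report
```

Calling glue_report(PARENT_REFERRAL, "com.au.") and glue_report(CHILD_ANSWER, "goya.com.au.") separates the two cases argued over in the thread: a name server named outside the answering zone, and one named inside it.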


