Hi everyone, I keep having intermittent resolution problems,
and as a test, at a moment when it was failing for me (which is not always), I went to:
(broken link)
and it reports a lot of errors.
I am not a DNS specialist, but it is the only website that fails, out of the ones I usually visit.
The paste of what the analysis says is below.
Kind regards:
PASS Missing Direct Parent check OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.
INFO NS records at parent servers Your NS records at the parent servers are:
dns.undiez.es. [62.81.199.145 (NO GLUE)] [ES]
ns1.vectrice.com. [62.81.199.225 (NO GLUE)] [ES]
ns1.undiez.es. [86.109.99.129 (NO GLUE)] [ES]
ns2.vectrice.com. [62.81.199.225 (NO GLUE)] [ES]
ns1.undiez.net. [216.127.68.120 (NO GLUE)] [US]
[These were obtained from sunic.sunet.se]
PASS Parent nameservers have your nameservers listed OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there.
WARN Glue at parent nameservers WARNING. The parent servers (I checked with sunic.sunet.se.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.
PASS DNS servers have A records OK. All your DNS servers either have A records at the zone parent servers, or do not need them (if the DNS servers are on other TLDs). A records are required for your hostnames to ensure that other DNS servers can reach your DNS servers. Note that there will be problems if your DNS servers do not have these same A records.
NS INFO NS records at your nameservers Your NS records at your nameservers are:
ns.bandaancha.st. [62.81.199.144] [TTL=86400]
FAIL Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server 216.127.68.120 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers.
WARN Mismatched glue WARNING: Since there are multiple A records for one or more of your NS records, the DNS report could not determine if the glue provided by the parent servers match that provided by your authoritative DNS servers. This does not indicate an error, but you should verify that the IPs are correct.
PASS No NS A records at nameservers OK. Your nameservers do include corresponding A records when asked for your NS records. This ensures that your DNS servers know the A records corresponding to all your NS records.
WARN All nameservers report identical NS records WARNING: Your nameservers report somewhat different answers for your NS records (varying TTL, for example).
PASS All nameservers respond OK. All of your nameservers listed at the parent nameservers responded.
PASS Nameserver name validity OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).
PASS Number of nameservers OK. You have 5 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.
FAIL Lame nameservers ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
216.127.68.120
FAIL Missing (stealth) nameservers FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
ns.bandaancha.st.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
FAIL Missing nameservers 2 ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
dns.undiez.es.
ns1.vectrice.com.
ns1.undiez.es.
ns2.vectrice.com.
ns1.undiez.net.
PASS No CNAMEs for domain OK. There are no CNAMEs for bandaancha.st. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
PASS No NSs with CNAMEs OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
WARN Nameservers on separate class C's WARNING: We cannot test to see if your nameservers are all on the same Class C (technically, /24) range, because the root servers are not sending glue. We plan to add such a test later, but today you will have to manually check to make sure that they are on separate Class C ranges. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.
PASS All NS IPs public OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.
WARN TCP Allowed WARNING: One or more of your DNS servers does not accept TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems. The problem servers are:
86.109.99.129: Error [No response to TCP packets].
PASS Single Point of Failure OK. It appears that your nameservers are on separate physical servers, and we did not detect the same firewall in front of all servers. We check this mainly because some people have 2 NS records that point to different IPs on the same DNS server.
INFO Nameservers versions [For security reasons, this test is limited to members]
FAIL Stealth NS record leakage Your DNS servers leak stealth information in non-NS requests:
Stealth nameservers are leaked [ns.bandaancha.st.]!
This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
SOA INFO SOA record Your SOA record [TTL=86400] is:
Primary nameserver: ns1.vectrice.com.
Hostmaster E-mail address: support.vectrice.com.
Serial #: 2004110901
Refresh: 28800
Retry: 7200
Expire: 604800
Default TTL: 86400
FAIL NS agreement on SOA Serial # ERROR: Your nameservers disagree as to which version of your DNS is the latest (1170839564 versus 2004110901). This is OK if you have just made a change recently, and your secondary DNS servers haven't yet received the new information from the master. I will continue the report, assuming that 2004110901 is the correct serial #. The serial numbers reported by each DNS server are:
62.81.199.145: 1170871223
62.81.199.225: 2004110901
86.109.99.129: 1170839564
62.81.199.225: 2004110901
216.127.68.120: 2004110901
PASS SOA MNAME Check OK. Your SOA (Start of Authority) record states that your master (primary) name server is: ns1.vectrice.com.. That server is listed at the parent servers, which is correct.
PASS SOA RNAME Check OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: support@vectrice.com. (techie note: we have changed the initial '.' to an '@' for display purposes).
PASS SOA Serial Number OK. Your SOA serial number is: 2004110901. This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. So this indicates that your DNS was last updated on 09 Nov 2004 (and was revision #1). This number must be incremented every time you make a DNS change.
PASS SOA REFRESH value OK. Your SOA REFRESH interval is : 28800 seconds. This seems normal (about 3600-7200 seconds is good if not using DNS NOTIFY; RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours)). This value determines how often secondary/slave nameservers check with the master for updates.
PASS SOA RETRY value OK. Your SOA RETRY interval is : 7200 seconds. This seems normal (about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.
PASS SOA EXPIRE value OK. Your SOA EXPIRE time: 604800 seconds. This seems normal (about 1209600 to 2419200 seconds (2-4 weeks) is good). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.
PASS SOA MINIMUM TTL value OK. Your SOA MINIMUM TTL is: 86400 seconds. This seems normal (about 3,600 to 86400 seconds or 1-24 hours is good). RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.
MX INFO MX Record Your 7 MX records are:
0 ASPMX.L.GOOGLE.COM. [TTL=27847] IP=64.233.167.114 (No Glue) [TTL=299] [US]
5 ALT1.ASPMX.L.GOOGLE.COM. [TTL=27847] IP=66.249.83.27 (No Glue) [TTL=300] [US]
5 ALT2.ASPMX.L.GOOGLE.COM. [TTL=27847] IP=66.249.93.27 (No Glue) [TTL=300] [US]
10 ASPMX2.GOOGLEMAIL.COM. [TTL=27847] IP=64.233.183.27 (No Glue) [TTL=1675] [US]
10 ASPMX3.GOOGLEMAIL.COM. [TTL=27847] IP=64.233.167.27 (No Glue) [TTL=1972] [US]
10 ASPMX4.GOOGLEMAIL.COM. [TTL=27847] IP=66.249.93.27 (No Glue) [TTL=1675] [US]
10 ASPMX5.GOOGLEMAIL.COM. [TTL=27847] IP=66.249.83.27 (No Glue) [TTL=1675] [US]
PASS Low port test OK. Our local DNS server that uses a low port number can get your MX record. Some DNS servers are behind firewalls that block low port numbers. This does not guarantee that your DNS server does not block low ports (this specific lookup must be cached), but is a good indication that it does not.
PASS Invalid characters OK. All of your MX records appear to use valid hostnames, without any invalid characters.
PASS All MX IPs public OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.
PASS MX records are not CNAMEs OK. Looking up your MX record did not just return a CNAME. If an MX record query returns a CNAME, extra processing is required, and some mail servers may not be able to handle it.
PASS MX A lookups have no CNAMEs OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3).
PASS MX is host name, not IP OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).
PASS Multiple MX records OK. You have multiple MX records. This means that if one is down or unreachable, the other(s) will be able to accept mail for you.
PASS Differing MX-A records OK. I did not detect differing IPs for your MX records (this would happen if your DNS servers return different IPs than the DNS servers that are authoritative for the hostname in your MX records).
FAIL Duplicate MX records WARNING: You have duplicate MX records. This means that mailservers may try delivering mail to the same IP more than once. Although technically valid, this is very confusing, and wastes resources. The duplicate MX records are:
ALT1.ASPMX.L.GOOGLE.COM. and ASPMX5.GOOGLEMAIL.COM. both resolve to 66.249.83.27.
ALT2.ASPMX.L.GOOGLE.COM. and ASPMX4.GOOGLEMAIL.COM. both resolve to 66.249.93.27.
PASS Reverse DNS entries for MX records OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the www.DNSstuff.com Reverse DNS Tool for the current data). The reverse DNS entries are:
114.167.233.64.in-addr.arpa gsmtp167-2.google.com. [TTL=51997]
27.83.249.66.in-addr.arpa gsmtp83.google.com. [TTL=49849]
27.93.249.66.in-addr.arpa gsmtp93.google.com. [TTL=51343]
27.183.233.64.in-addr.arpa nf-in-f27.google.com. [TTL=51343]
27.167.233.64.in-addr.arpa gsmtp167.google.com. [TTL=58706]
27.93.249.66.in-addr.arpa gsmtp93.google.com. [TTL=51343]
27.83.249.66.in-addr.arpa gsmtp83.google.com. [TTL=49849]
Mail PASS Connect to mail servers OK: I was able to connect to all of your mailservers.
WARN Mail server host name in greeting WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.
ASPMX.L.GOOGLE.COM claims to be non-existent host mx.google.com:
220 mx.google.com ESMTP u6si8566189pyb
ALT1.ASPMX.L.GOOGLE.COM claims to be non-existent host mx.google.com:
220 mx.google.com ESMTP i20si13169295wxd
ASPMX3.GOOGLEMAIL.COM claims to be non-existent host mx.google.com:
220 mx.google.com ESMTP f78si10126403pyh
ASPMX5.GOOGLEMAIL.COM claims to be non-existent host mx.google.com:
220 mx.google.com ESMTP i19si8914378wxd
ALT2.ASPMX.L.GOOGLE.COM claims to be non-existent host mx.google.com:
220 mx.google.com ESMTP 32si8465787ugf
ASPMX2.GOOGLEMAIL.COM claims to be non-existent host mx.google.com:
220 mx.google.com ESMTP p20si25256255nfc
ASPMX4.GOOGLEMAIL.COM claims to be non-existent host mx.google.com:
220 mx.google.com ESMTP 54si8555032ugp
PASS Acceptance of NULL sender OK: All of your mailservers accept mail from "". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).
WARN Acceptance of postmaster address WARNING: One or more of your mailservers may not accept mail to postmaster@bandaancha.st (it is generating a temporary error). Mailservers are required (RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1) to accept mail to postmaster.
ASPMX.L.GOOGLE.COM's postmaster response:
>>> RCPT TO:
ALT1.ASPMX.L.GOOGLE.COM's postmaster response:
>>> RCPT TO:
ASPMX3.GOOGLEMAIL.COM's postmaster response:
>>> RCPT TO:
ASPMX4.GOOGLEMAIL.COM's postmaster response:
>>> RCPT TO:
ASPMX5.GOOGLEMAIL.COM's postmaster response:
>>> RCPT TO:
WARN Acceptance of abuse address WARNING: One or more of your mailservers does not accept mail to abuse@bandaancha.st. Mailservers are expected by RFC2142 to accept mail to abuse.
ASPMX.L.GOOGLE.COM's abuse response:
>>> RCPT TO:
ALT1.ASPMX.L.GOOGLE.COM's abuse response:
>>> RCPT TO:
ASPMX3.GOOGLEMAIL.COM's abuse response:
>>> RCPT TO:
ASPMX4.GOOGLEMAIL.COM's abuse response:
>>> RCPT TO:
ASPMX5.GOOGLEMAIL.COM's abuse response:
>>> RCPT TO:
INFO Acceptance of domain literals WARNING: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted (mailservers at many common large domains have this problem).
ALT1.ASPMX.L.GOOGLE.COM's postmaster@[66.249.83.27] response:
>>> RCPT TO:
ASPMX3.GOOGLEMAIL.COM's postmaster@[64.233.167.27] response:
>>> RCPT TO:
ASPMX.L.GOOGLE.COM's postmaster@[64.233.167.114] response:
>>> RCPT TO:
ASPMX5.GOOGLEMAIL.COM's postmaster@[66.249.83.27] response:
>>> RCPT TO:
ASPMX4.GOOGLEMAIL.COM's postmaster@[66.249.93.27] response:
>>> RCPT TO:
ASPMX2.GOOGLEMAIL.COM's postmaster@[64.233.183.27] response:
>>> RCPT TO:
ALT2.ASPMX.L.GOOGLE.COM's postmaster@[66.249.93.27] response:
>>> RCPT TO:
PASS Open relay test OK: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here.
ALT1.ASPMX.L.GOOGLE.COM OK: 550 5.1.1 No such user i20si13169295wxd
ASPMX3.GOOGLEMAIL.COM OK: 550 5.1.1 No such user f78si10126403pyh
ASPMX.L.GOOGLE.COM OK: 550 5.1.1 No such user u6si8566189pyb
ASPMX5.GOOGLEMAIL.COM OK: 550 5.1.1 No such user i19si8914378wxd
ASPMX4.GOOGLEMAIL.COM OK: 550 5.1.1 No such user 54si8555032ugp
ASPMX2.GOOGLEMAIL.COM OK: 550 5.1.1 No such user p20si25256255nfc
ALT2.ASPMX.L.GOOGLE.COM OK: 550 5.1.1 No such user 32si8465787ugf
WARN SPF record Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
WWW
INFO WWW Record Your www.bandaancha.st A record is:
www.bandaancha.st. A 62.81.199.225 [TTL=61758] [ES]
PASS All WWW IPs public OK. All of your WWW IPs appear to be public IPs. If there were any private IPs, they would not be reachable, causing problems reaching your web site.
PASS CNAME Lookup OK. Some domains have a CNAME record for their WWW server that requires an extra DNS lookup, which slightly delays the initial access to the website and use extra bandwidth. There are no CNAMEs for www.bandaancha.st, which is good.
INFO Domain A Lookup Your bandaancha.st A record is:
bandaancha.st. A 62.81.199.225 [TTL=49169]