检查公共域是否正确
如今,您可以尝试使用一个出色的工具来执行一些作 100 在我们的公共领域进行测试, 每个人都知道,正确配置公有域非常重要, 以避免问题,尤其是 DNS 解析问题或任何“罕见”问题’ 电子邮件. Este test se puede hacer con DNSreport de DNSstuff.com, 我们永远不应忘记的一页!
Si vamos a la web de DNSstuff y nos registramos de forma gratuita podremos ejecutar DNSreport con nuestro dominio, 我们给予 “跑!” para que realice todos los test, y así si no tenemos errores o sabemos a qué se debe, podremos estar seguros que nunca tendremos un problema con nuestro dominio, la mayoría de las veces se debe a correos que no llegan siempre, o a ciertas empresas no les llegan nuestros correos, o no nos llegan de ciertas empresas…
Tras ejecutar el test nos sacará ese report enorme dándonos las explicaciones de cualquier incidencia que note, aquí pego el ejemplo con mi dominio:
DNSreport for bujarra.com
| Category | 地位 | Test Name | 信息 |
|---|---|---|---|
| Parent | PASS | Missing Direct Parent check | 还行. Your direct parent zone exists, 哪个是好的. 一些域名 (通常是第三或第四级域名, 例如例子.co.us) 没有一个直接的父区域 (‘co.us’ 在这个例子中), 这是合法的但可能会导致混淆. |
| 信息 | 父服务器上的NS记录 | 您在父服务器上的NS记录是:
ns1.hostmonster.com. [74.220.195.131] [TTL=172800] [美国] ns2.hostmonster.com. [69.89.16.8] [TTL=172800] [美国]
[这些信息来自f.gtld-servers.net] |
|
| PASS | 父名称服务器列出了您的名称服务器 | 还行. 当有人使用DNS查找您的域名时, 第一步 (如果它还不知道您的域名) 就是去父服务器. 如果您没有被列在那里, 您将无法被找到. 但您在那里被列出. | |
| PASS | 父名称服务器的Glue | 还行. 父服务器有您的名称服务器的Glue. 这意味着它们发送您名称服务器的IP地址, 以及它们的主机名. | |
| PASS | DNS服务器有A记录 | 还行. 你的所有 DNS 服务器要么在区父服务器上有 A 记录, 要么不需要它们 (如果 DNS 服务器在其他顶级域上). 需要为你的主机名设置 A 记录,以确保其他 DNS 服务器可以访问你的 DNS 服务器. 注意,如果你的 DNS 服务器没有这些相同的 A 记录,将会出现问题. |
| NS | 信息 | 在你的名称服务器上的 NS 记录 | 你的名称服务器上的 NS 记录是:
ns1.hostmonster.com. [74.220.195.131] [TTL=86400] ns2.hostmonster.com. [69.89.16.8] [TTL=86400]
|
| PASS | 开放的 DNS 服务器 | 还行. 你的 DNS 服务器没有宣布它们是开放的 DNS 服务器. 虽然有很小的可能性它们实际上是开放的 DNS 服务器, 但这非常不可能. 开放的 DNS 服务器会增加缓存投毒的可能性, 可能降低你的 DNS 性能, 并可能导致你的 DNS 服务器被用于攻击 (所以你的 DNS 服务器看起来不是开放的 DNS 服务器,这是件好事). | |
| PASS | 胶水记录不匹配 | 还行. DNS 报告未检测到父服务器提供的胶水记录与权威 DNS 服务器提供的胶水记录之间存在任何差异. | |
| PASS | 在域名服务器上没有 NS A 记录 | 还行. 当查询您的 NS 记录时,您的名称服务器确实包含相应的 A 记录. 这确保了您的 DNS 服务器知道与所有 NS 记录对应的 A 记录. | |
| PASS | 所有名称服务器报告相同的 NS 记录 | 还行. 您所有名称服务器上的 NS 记录都是相同的. | |
| PASS | 所有名称服务器都有响应 | 还行. 父名称服务器列出的所有名称服务器都有响应. | |
| PASS | 名称服务器名称有效性 | 还行. 您的名称服务器报告的所有 NS 记录似乎都是有效的 (没有 IP 或部分域名). | |
| PASS | 名称服务器数量 | 还行. 您有 2 名称服务器. 你必须至少有 2 名称服务器 (RFC2182 部分 5 建议至少有 3 名称服务器), and preferably no more than 7. | |
| PASS | Lame nameservers | 还行. All the nameservers listed at the parent servers answer authoritatively for your domain. | |
| PASS | Missing (stealth) 名称服务器 | 还行. All 2 of your nameservers (as reported by your nameservers) are also listed at the parent servers. | |
| PASS | Missing nameservers 2 | 还行. All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers. | |
| PASS | No CNAMEs for domain | 还行. There are no CNAMEs for bujarra.com. RFC1912 2.4 和 RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. | |
| PASS | No NSs with CNAMEs | 还行. There are no CNAMEs for your NS records. RFC1912 2.4 和 RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. | |
| PASS | Nameservers on separate class C’s | 还行. You have nameservers on different Class C (technically, /24) IP 范围. You must have nameservers at geographically and topologically dispersed locations. RFC2182 3.1 goes into more detail about secondary nameserver location. | |
| PASS | All NS IPs public | 还行. 你所有的 NS 记录似乎都使用公共 IP. 如果存在任何私有 IP, 它们将无法访问, 导致 DNS 延迟. | |
| 警告 | 允许 TCP | 警告: 你的一台或多台 DNS 服务器不接受 TCP 连接. 虽然很少使用, 有时会使用 TCP 连接而不是 UDP 连接. 当防火墙阻止 TCP DNS 连接时, 可能会导致难以诊断的问题. 如果你的 DNS 服务器使用 Anycast,也可能出现此消息. 有问题的服务器是:
74.220.195.131: 错误 [连接被拒绝 (10061)]. 69.89.16.8: 错误 [连接被拒绝 (10061)].
|
|
| 信息 | Nameserver 版本 | 你的 Nameserver 具有以下版本: 74.220.195.131: 没有可用的版本信息 (转介). 69.89.16.8: 没有可用的版本信息 (转介). | |
| PASS | 隐蔽 NS 记录泄漏 | 你的 DNS 服务器没有泄漏任何隐蔽 NS 记录 (如果有的话) 在非 NS 请求中. |
| SOA | 信息 | SOA 记录 | 你的 SOA 记录 [TTL=86400] 是:
主名称服务器: ns1.hostmonster.com. 管理员邮箱地址: root.host184.hostmonster.com. 序列号 #: 2008062600 刷新: 86400 重试: 7200 过期: 3600000 默认 TTL: 300
|
| PASS | NS agreement on SOA Serial # | 还行. All your nameservers agree that your SOA serial number is 2008062600. That means that all your nameservers are using the same data (unless you have different sets of data with the same serial number, which would be very bad)! Note that the DNSreport only checks the NS records listed at the parent servers (not any stealth servers). | |
| PASS | SOA MNAME Check | 还行. Your SOA (Start of Authority) record states that your master (primary) name server is: ns1.hostmonster.com.. That server is listed at the parent servers, which is correct. | |
| PASS | SOA RNAME Check | 还行. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: 柔**@*****************er.com. (techie note: we have changed the initial ‘.’ to an ‘@’ for display purposes). | |
| PASS | SOA Serial Number | 还行. Your SOA serial number is: 2008062600. This appears to be in the recommended format of YYYYMMDDnn, where ‘nn’ is the revision. 所以这表明您的 DNS 最后更新时间为 26 六月 2008 (并且是修订版 #0). 此号码 必须 每次进行 DNS 更改时递增. | |
| 警告 | SOA 刷新值 | 警告: 您的 SOA 刷新间隔为 : 86400 秒. 这似乎偏高. 您应考虑将此值降低到大约 3600-7200 秒 (或更高, 如果使用 DNS 通知). RFC1912 2.2 建议值在 1200 自 43200 秒 (20 分钟到 12 小时, 较长的时间用于网速非常慢的互联网连接), 并且如果您使用 DNS 通知,刷新值就不那么重要 (RIPE 建议 86400 如果使用 DNS 通知则为秒数). 此值决定了辅助/从属域名服务器多久检查一次主服务器的更新. 值过高会导致 DNS 更改长时间处于悬而未决状态. | |
| PASS | SOA 重试值 | 还行. 您的 SOA 重试间隔为 : 7200 秒. 这似乎正常 (大约 120-7200 秒数是合适的). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed. | |
| 警告 | SOA EXPIRE value | 警告: Your SOA EXPIRE time is : 3600000 秒. This seems a bit high. 您应考虑将此值降低到大约 1209600 自 2419200 秒 (2 自 4 weeks). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can’t reach the primary nameserver. | |
| 警告 | SOA MINIMUM TTL value | 警告: Your SOA MINIMUM TTL is : 300 秒. This seems low (unless you are just about to update your DNS). You should consider increasing this value to somewhere between 3600 和 10800. RFC2308 suggests a value of 1-3 小时. This value used to determine the default (technically, minimum) TTL (生存时间) for DNS entries, but now is used for negative caching. |
| MX 系列 | 信息 | MX Record | Your 1 MX record is:
0 bujarra.com. [TTL=14400] IP=74.220.207.184 [TTL=14400] [美国]
|
| PASS | Low port test | 还行. 使用低端口号的本地 DNS 服务器可以获取你的 MX 记录. 一些 DNS 服务器位于防火墙之后,会阻止低端口号. 这并不能保证你的 DNS 服务器不会阻止低端口 (此特定查询必须缓存), 但这是它不阻止的一个良好迹象. | |
| PASS | 无效字符 | 还行. 你所有的 MX 记录似乎都使用有效的主机名, 没有任何无效字符. | |
| PASS | 所有 MX IP 地址都是公开的 | 还行. 你所有的 MX 记录似乎都使用公共 IP. 如果存在任何私有 IP, 它们将无法访问, 可能导致邮件轻微延迟, 额外的资源使用, 并可能导致邮件退回. | |
| PASS | MX 记录不是 CNAME | 还行. 查询你的 MX 记录并不仅返回 CNAME. 如果 MX 记录查询返回 CNAME, 需要额外处理, 有些邮件服务器可能无法处理. | |
| PASS | MX A 查询没有 CNAME | 还行. 从您的 MX 记录中查找 A 记录时似乎没有返回 CNAME (MX 记录中禁止使用 CNAME, 根据 RFC974, RFC1034 3.6.2, RFC1912 2.4, 和 RFC2181 10.3). | |
| PASS | MX 是主机名, 不是 IP | 还行. 您所有的 MX 记录都是主机名 (而不是 IP 地址, MX 记录中不允许使用 IP 地址). | |
| 信息 | 多个 MX 记录 | 注意: 您只有 1 MX 记录. 如果您的主邮件服务器宕机或无法访问, 邮件可能会有发送问题. 过去, 邮件服务器通常会重试发送电子邮件长达 48 小时. 但现在许多服务器只会重试几个小时. 如果您的主邮件服务器非常可靠 (或者如果宕机可以快速修复), 只使用一个邮件服务器可能是可以接受的. | |
| PASS | MX-A 记录不同 | 还行. 我没有检测到您的 MX 记录的 IP 存在差异 (this would happen if your DNS servers return different IPs than the DNS servers that are authoritative for the hostname in your MX records). | |
| PASS | Duplicate MX records | 还行. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources. | |
| PASS | Reverse DNS entries for MX records | 还行. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the ‘Reverse DNS Tool’ for the current data). The reverse DNS entries are: |
| PASS | Connect to mail servers | 还行: I was able to connect to all of your mailservers. | |
| PASS | Mail server host name in greeting | 还行: All of your mailservers have their host name in the greeting:
bujarra.com:<br /> 220-host184.hostmonster.com ESMTP Exim 4.69 #1 Wed, 09 九月 2009 01:43:27 -0600 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. <br />
|
|
| PASS | Acceptance of NULL <> sender | 还行: All of your mailservers accept mail from “<>”. You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts). | |
| FAIL | Acceptance of postmaster address | ERROR: One or more of your mailservers does not accept mail to po********@*****ra.com. Mailservers are required (RFC822 6.3, RFC1123 5.2.7, 和 RFC2821 4.5.1) to accept mail to postmaster.
bujarra.com’s postmaster response:<br /> >>> RCPT TO:<po********@*****ra.com><br /> <<< 550 No Such User Here <br />
|
|
| 警告 | Acceptance of abuse address | 警告: One or more of your mailservers does not accept mail to ab***@*****ra.com. Mailservers are expected by RFC2142 to accept mail to abuse.
bujarra.com’s abuse response:<br /> >>> RCPT TO:<ab***@*****ra.com><br /> <<< 550 No Such User Here <br />
|
|
| 信息 | Acceptance of domain literals | 警告: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. 然而, it is unlikely that any problems will occur if the domain literals are not accepted (mailservers at many common large domains have this problem).
bujarra.com’s postmaster@[74.220.207.184] 响应:<br /> >>> RCPT TO:<postmaster@[74.220.207.184]><br /> <<< 501 <postmaster@[74.220.207.184]>: domain literals not allowed <br />
|
|
| PASS | Open relay test | 还行: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here.
bujarra.com OK: 550-plum.dnsstuff.com (test.DNSreport.com) [174.133.202.226] is currently not 550-permitted to relay through this server. Perhaps you have not logged into 550-the pop/imap server in the last 30 minutes or do not have SMTP 550 Authentication turned on in your email client. <br />
|
|
| PASS | SPF record | You have an SPF record. This is very good, as it will help prevent spammers from abusing your domain. Your SPF record (I don’t check to see if it is well designed!) 是:
“v=spf1 a mx ptr include:hostmonster.com ?都” [TTL=14400]
|
| WWW | 信息 | WWW Record | Your www.bujarra.com A record is:
www.bujarra.com. CNAME bujarra.com. [TTL=14400] bujarra.com. 自 74.220.207.184 [TTL=14400] [美国]
|
| PASS | All WWW IPs public | 还行. All of your WWW IPs appear to be public IPs. 如果存在任何私有 IP, 它们将无法访问, causing problems reaching your web site. | |
| PASS | CNAME Lookup | 还行. You do have a CNAME record for www.bujarra.com, which can cause some confusion. 然而, this is legal. Your CNAME entry also returns the A record for the CNAME entry, 哪个是好的 — otherwise, it would require an extra DNS lookup, which slightly delays the initial access to the website and use extra bandwidth. Note that if the CNAME points to another CNAME, it will likely cause problems. | |
| 信息 | Domain A Lookup | Your bujarra.com A record is:
bujarra.com. 自 74.220.207.184 [TTL=14400]
|
传说:
|
