Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)

Alexandre Lepage a.lepage at difuzer.com
Fri Jul 31 17:54:08 EDT 2009


Thanks for your answer Sam, I appreciate your help. Actually I wasn't
asking help for the two warnings about PTR records, so no need for a "RTFM"
^^ But I will fix it in order to maximize my chances to fix the other
error.

And about the reverse question... ZoneCheck is te software used by the
AFNIC (the association in charge of .fr registration) and I'm pretty sure
I'm doing something wrong, because I just get the error since they
announced security increasement at the AFNIC. Maybe it's also an
incoherence in my zonefile, I must admit I'm not an expert. Here it is :

% SOA ns1.difuzer.com. alexbad at videotron.ca. 2009060701 7200 3600 604800
1800
% +60 NS ns1.difuzer.com.
% +60 NS ns2.difuzer.com.
% +60 91.121.92.210
*.% +60 91.121.92.210
*.% +60 CNAME %
% mx 10 %
mail.% +86400 IN A 91.121.92.210
% txt 'v=spf1 mx ip4:91.121.92.210 ip4:213.251.161.162 -all'

Thanks again

On Fri, 31 Jul 2009 16:20:59 -0500, Sam Trenholme
<strenholme.usenet at gmail.com> wrote:
> 2009/7/31 Alexandre Lepage <a.lepage at difuzer.com>
> 
>>
>> Hi,
>>
>> I have a problem with all my .fr DNS zone. You can see the failure there
>> :
>>
>> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>>
> 
> 
>  Reverse for the nameserver IP address doesn't match
> 
>    - ns2.difuzer.com./213.251.161.162
>    - ns1.difuzer.com./91.121.92.210
> 
> RTFM:
> 
> http://www.maradns.org/faq.html#rdns
> 
> ---
> 
> [TEST check if server is really recursive]: answer refused from server
> (IN/SOA: fr.)
> 
>    - ns2.difuzer.com./213.251.161.162
> 
> The test is broken.  MaraDNS will refuse recursive queries by default for
> security reasons.  Some people have this foolish people that all DNS
> servers
> should be recursive.  This is a really bad idea from a security
standpoint;
> we're not in the 1980s anymore and it hasn't been feasible to be that
open
> on the internet for a while.
> 
> Tell the person who made this test to fix it.
> 
> 
>>
>> The problem is that the server is not even supposed to be recursive. I
>> searched for this error in the ZoneCheck documentation (the software
used
>> to pass the test) and... nothing.
>>
> 
> Tell the Zonecheck people to write decent documentation for their test
> suite.
> 
> If you want to enable recursion:
> 
> http://www.maradns.org/tutorial/recursive.html
> 
> - Sam
> 
> I do not answer MaraDNS support requests sent by private email without
> being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.

-- 
Cordialement,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113


More information about the list mailing list