Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)

Sam Trenholme strenholme.usenet at gmail.com
Fri Jul 31 17:20:59 EDT 2009


2009/7/31 Alexandre Lepage <a.lepage at difuzer.com>

>
> Hi,
>
> I have a problem with all my .fr DNS zone. You can see the failure there :
>
> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>


 Reverse for the nameserver IP address doesn't match

   - ns2.difuzer.com./213.251.161.162
   - ns1.difuzer.com./91.121.92.210

RTFM:

http://www.maradns.org/faq.html#rdns

---

[TEST check if server is really recursive]: answer refused from server
(IN/SOA: fr.)

   - ns2.difuzer.com./213.251.161.162

The test is broken.  MaraDNS will refuse recursive queries by default for
security reasons.  Some people have this foolish people that all DNS servers
should be recursive.  This is a really bad idea from a security standpoint;
we're not in the 1980s anymore and it hasn't been feasible to be that open
on the internet for a while.

Tell the person who made this test to fix it.


>
> The problem is that the server is not even supposed to be recursive. I
> searched for this error in the ZoneCheck documentation (the software used
> to pass the test) and... nothing.
>

Tell the Zonecheck people to write decent documentation for their test
suite.

If you want to enable recursion:

http://www.maradns.org/tutorial/recursive.html

- Sam

I do not answer MaraDNS support requests sent by private email without being
compensated for my time. I will discuss rates if you want this kind of
support. Thank you for your understanding.


More information about the list mailing list