warnings - with dns.HE.net hosted Zones

mehargags

Hi,
I recently tried using dns.he.net for my hosted dns solutions but I'm seeing some warnings for which I seek some views, if they are ok to be there or need some mending.

I am using ns1/ns2/ns2/ns4/ns5.he.net all of them for my domain.

using SolveDNS checks I get the following Warnings

ns1.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns1.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

Name Servers Found at ns2.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns2.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

Name Servers Found at ns3.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns3.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

Name Servers Found at ns4.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns4.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

The NS records returned by your name servers are not consistent with either the TLD server k.gtld-servers.net or some of your other name servers. See above. The reason for this could be that you have different name servers at your domain name registrar as compared to your NS records. Even if this could be ok, you should always have the same name servers at your registrar and at your NS records.

Your domain name does not appear to have an SPF record. This makes it vulnerable to email spoofing.

Singapore usually fails for ns4/ns5.he.net ping
I also have SPF records as TXT, verified with various SPF-Check tools online, still it complains for it

This is overall score

60.78% out of 100

JoeMerit

nice story bro

provide the domain if you want help.

Caster

ns1 was dropped if I rememeber?

mehargags

@Caster said:
ns1 was dropped if I rememeber?

I kind of noticed that when making zones, HE says ns2 to ns5 shall be added. But it itself makes a glue record with ns1 by default... so I used it. A bit confused here.

5n1p

You need ns1 to add domain but after that you should delete ns1 if i remember good

simonindia

I use dns.he.net but only use ns2and ns3

i have no problem what so ever

lamron

I'm not sure what the problem here is (the cause). I use HE's DNS for some domains and I've run it through SolveDNS/IntoDNS and everything is totally fine. Just one warning because of only having one MX server on SolveDNS and a warning on IntoDNS because DNS looks take longer as DNS root servers redirect to other servers which redirect to another server before it finally reaches HE's DNS.

mehargags

so let me get this straight
in my Godaddy registrar panel, I sent my domain's Nameservers as ns2, ns3 only 2 of them ?

in my dns.he.net domains control panel, I should delete NS records for ns1, ns4, ns5?

Silvenga

mehargags said: in my dns.he.net domains control panel, I should delete NS records for ns1, ns4, ns5?

Yes, the nameservers must give the same responses as the top level domain does - but why not use all of them (except for ns1)?

mehargags

Well I guess if they are available, all of them should be used -- right ?
Also, I guess ns1 needs to be removed altogether, right ?

UPDATE:
Removed ns1 from my registrar panel, then removed the NS record from he.net panel. Alot of warnings vanished.!!! Looks good

I still get this
The primary name server in the SOA record (ns1.he.net) is NOT sent by the TLD name server m.gtld-servers.net. You should fix this.

My SOA record at he.net is LOCKED and cannot be edited/deleted. Any pointers ? this is what it says
ns1.he.net. hostmaster.he.net. 2016012300 10800 1800 604800 86400

namhuy

Don't know what to help, I checked .net domain I'm using dns.he.net, I do use all 5 of their dns records and SOA show no error

jam

just curiosity, i check my domain with solvedns, i got 20.63% out of 100 loool

note: i am not using dns.he.net

jar

Bad tools that obsess over irrelevant details are bad. If your DNS works, that's what matters.

NexHost

@jarland said:
Bad tools that obsess over irrelevant details are bad. If your DNS works, that's what matters.

Time to launch dnsroute ?

0xdragon

@NexHost said:
Time to launch dnsroute ?

LOL too late I got it

mehargags

While i don't doubt these finicky tools for false positives, DNS is undoubtedly the most critical part of all routing/networking/IT, but unfortunately, not paid much attention to.

So was just trying to get the best setup as per different "standards" to ensure configuration as close to "by the book".

---

As an Update, MXtoolBox advised type "SPF" Record is deprecated & must now only be published as a DNS TXT, which I did and now it is properly detected as my SPF.

I'm now at 97% score... with only one Single Warning left :
The primary name server in the SOA record (ns1.he.net) is NOT sent by the TLD name server a.gtld-servers.net. You should fix this
But the SOA record is locked and can’t be edited/deleted. Any pointers on on how to get rid of this ?

Thanks all for advises so far...

GM2015

nice weather

mehargags

Received a response from HE.Net support:

As to the SOA record, there's no requirement that the listed origin nameserver (MNAME) be reachable by the world. It's almost entirely a documentation element, much like the email RNAME email address in the SOA.

Can Mods ( @jarland ) please mark this solved for me ? I get a page not found when I try to do it.!
Thanks