Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


warnings - with dns.HE.net hosted Zones
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

warnings - with dns.HE.net hosted Zones

mehargagsmehargags Member
edited January 2016 in Help

Hi,
I recently tried using dns.he.net for my hosted dns solutions but I'm seeing some warnings for which I seek some views, if they are ok to be there or need some mending.

I am using ns1/ns2/ns2/ns4/ns5.he.net all of them for my domain.

using SolveDNS checks I get the following Warnings

ns1.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns1.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

Name Servers Found at ns2.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns2.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

Name Servers Found at ns3.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns3.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

Name Servers Found at ns4.he.net for mydomain.com NOT found at k.gtld-servers.net:
ns5.he.net
Your name server ns4.he.net is responding with a different set of NS records as compared to the TLD server k.gtld-servers.net!

The NS records returned by your name servers are not consistent with either the TLD server k.gtld-servers.net or some of your other name servers. See above. The reason for this could be that you have different name servers at your domain name registrar as compared to your NS records. Even if this could be ok, you should always have the same name servers at your registrar and at your NS records.

Your domain name does not appear to have an SPF record. This makes it vulnerable to email spoofing.

Singapore usually fails for ns4/ns5.he.net ping
I also have SPF records as TXT, verified with various SPF-Check tools online, still it complains for it

This is overall score

60.78% out of 100

Comments

  • nice story bro

    provide the domain if you want help.

    Thanked by 1GIANT_CRAB
  • ns1 was dropped if I rememeber?

  • @Caster said:
    ns1 was dropped if I rememeber?

    I kind of noticed that when making zones, HE says ns2 to ns5 shall be added. But it itself makes a glue record with ns1 by default... so I used it. A bit confused here.

  • You need ns1 to add domain but after that you should delete ns1 if i remember good

  • I use dns.he.net but only use ns2and ns3

    i have no problem what so ever

  • I'm not sure what the problem here is (the cause). I use HE's DNS for some domains and I've run it through SolveDNS/IntoDNS and everything is totally fine. Just one warning because of only having one MX server on SolveDNS and a warning on IntoDNS because DNS looks take longer as DNS root servers redirect to other servers which redirect to another server before it finally reaches HE's DNS.

  • so let me get this straight
    in my Godaddy registrar panel, I sent my domain's Nameservers as ns2, ns3 only 2 of them ?

    in my dns.he.net domains control panel, I should delete NS records for ns1, ns4, ns5?

  • mehargags said: in my dns.he.net domains control panel, I should delete NS records for ns1, ns4, ns5?

    Yes, the nameservers must give the same responses as the top level domain does - but why not use all of them (except for ns1)?

  • mehargagsmehargags Member
    edited January 2016

    Well I guess if they are available, all of them should be used -- right ?
    Also, I guess ns1 needs to be removed altogether, right ?

    UPDATE:
    Removed ns1 from my registrar panel, then removed the NS record from he.net panel. Alot of warnings vanished.!!! Looks good

    I still get this
    The primary name server in the SOA record (ns1.he.net) is NOT sent by the TLD name server m.gtld-servers.net. You should fix this.

    My SOA record at he.net is LOCKED and cannot be edited/deleted. Any pointers ? this is what it says
    ns1.he.net. hostmaster.he.net. 2016012300 10800 1800 604800 86400

  • Don't know what to help, I checked .net domain I'm using dns.he.net, I do use all 5 of their dns records and SOA show no error

  • jamjam Member

    just curiosity, i check my domain with solvedns, i got 20.63% out of 100 loool

    note: i am not using dns.he.net

  • jarjar Patron Provider, Top Host, Veteran

    Bad tools that obsess over irrelevant details are bad. If your DNS works, that's what matters.

    Thanked by 1mehargags
  • @jarland said:
    Bad tools that obsess over irrelevant details are bad. If your DNS works, that's what matters.

    Time to launch dnsroute ?

    Thanked by 1jar
  • @NexHost said:
    Time to launch dnsroute ?

    LOL too late I got it

  • mehargagsmehargags Member
    edited January 2016

    While i don't doubt these finicky tools for false positives, DNS is undoubtedly the most critical part of all routing/networking/IT, but unfortunately, not paid much attention to.

    So was just trying to get the best setup as per different "standards" to ensure configuration as close to "by the book".


    As an Update, MXtoolBox advised type "SPF" Record is deprecated & must now only be published as a DNS TXT, which I did and now it is properly detected as my SPF.

    I'm now at 97% score... with only one Single Warning left :
    The primary name server in the SOA record (ns1.he.net) is NOT sent by the TLD name server a.gtld-servers.net. You should fix this
    But the SOA record is locked and can’t be edited/deleted. Any pointers on on how to get rid of this ?

    Thanks all for advises so far...

  • GM2015GM2015 Member
    edited January 2016

    nice weather

  • mehargagsmehargags Member
    edited January 2016

    Received a response from HE.Net support:

    As to the SOA record, there's no requirement that the listed origin nameserver (MNAME) be reachable by the world. It's almost entirely a documentation element, much like the email RNAME email address in the SOA.

    Can Mods ( @jarland ) please mark this solved for me ? I get a page not found when I try to do it.!
    Thanks

Sign In or Register to comment.