  1. #1
    c0deks
    Guest

    DNS - sometimes it responds, sometimes it doesn't....

    Well folks, I thought this was going to be easy, but I'm more confused than a blind man in a shootout..... anyway, here's what's going on....

    * My static IP is from Telefonica, business 450kbps

    * I configured bind for 4 domains, put them all in /etc/hosts and also configured the virtual hosts in apache.....

    * I set up, on the same machine, a mail server for the 4 domains, and it is working perfectly.... in itself....

    * I called Telefonica and asked them to set up reverse DNS for the host mail.dominio1.com.br (note that Telefonica said it could only point to one host; I chose mail because most mail servers nowadays require reverse DNS, and because the other domains [dominio2, dominio3 and dominio4] could use mail.dominio1.com.br to download their e-mail, since the server is the same for them).

    In all the domains, I configured the hosts

    mail
    mx
    www
    ns1

    Now on to the problems....

    1) My mail server (mail.dominio1.com.br, or even the others, mail.dominio2.com.br or any other one registered on my server) sometimes responds and sometimes doesn't; it's something to do with DNS because the internet link is always up, it never drops, I've already tested the connection..... like, sometimes Evolution resolves it, sometimes it doesn't......

    2) My sites are also having problems: I type www.dominio1.com.br and it opens, 5 minutes later I do the same thing and all I get is a message saying "No website is configured at this address".

    3) [This is the smallest of them] This server used to be a Windows 2003 Server with an open relay; in short, through malicious content it ended up becoming a spam machine, and it is in several spam databases (www.dnsstuff.com - see Spam Lookup). Getting off the spam databases is easy, you just e-mail the guys, but the thing is that several machines (hosts) are trying to connect to my postfix to send spam, thinking it is still an open relay, and it keeps giving lots of relay access denied, but it's making the server slow and making the logs hard to read.....

    My named configuration files

    ----------- named.conf --------------

    options {
        directory "/conf";
        pid-file "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
        dump-file "/var/run/named.db";
        version "[secured]";
    };

    key "rndc-key" {
        algorithm hmac-md5;
        secret "minha_chave_rndc";
    };

    controls {
        inet 127.0.0.1 port 953
            allow { 127.0.0.1; } keys { "rndc-key"; };
    };

    # Root cache zone
    zone "." {
        type hint;
        file "db.rootcache";
    };


    # localhost zone - forward
    zone "localhost" {
        type master;
        file "db.localhost";
        notify no;
    };


    # localhost zone - reverse
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
        notify no;
    };

    # dominio1.com.br zone
    zone "dominio1.com.br" in {
        type master;
        file "dominio1.com.br.domain";
    };

    # dominio2.com.br zone
    zone "dominio2.com.br" in {
        type master;
        file "dominio2.com.br.domain";
    };

    # dominio3.com.br zone
    zone "dominio3.com.br" in {
        type master;
        file "dominio3.com.br.domain";
    };

    # dominio4.com.br zone
    zone "dominio4.com.br" in {
        type master;
        file "dominio4.com.br.domain";
    };

    ------------------------------------------------------- EOF


    * At this point, since the domain files are all the same, changing only the domain name, let's assume that the variable $dominio = the name of the domain in question

    ----------------- $dominio.com.br.domain------------

    $TTL 86400
    ; Authoritative data for $dominio.com.br
    ;

    @ IN SOA localhost. root.$dominio.com.br. (
    2006011202 ; serial (yyyymmddvv)
    10800 ; refresh 3 hours
    3600 ; retry 1 hour
    36000 ; expire 10 hours
    86400 ) ; minimum 24 hours

    IN NS ns1.$dominio.com.br

    ;
    ; Receiving e-mail messages
    ;

    $dominio.com.br. IN MX 10 mx

    localhost IN A 127.0.0.1
    ns1 IN A [IP_DO_SERVIDOR]
    mx IN A [IP_DO_SERVIDOR]
    mail IN A [IP_DO_SERVIDOR]
    www IN A [IP_DO_SERVIDOR]

    ------------------------------------------------------------ EOF


    If any of the noble users of the forum can help me solve at least one of the problems, preferably either 1 or 2, I would be veeeeeeeeeery grateful!!!

    Cheers, community!
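
How the NS and MX targets in the zone file of post #1 are expanded when the zone is loaded, as an added example that is not part of the original post. It assumes `$dominio` is `dominio1`, writes the owner-less NS line with an explicit `@`, and uses the documentation address 192.0.2.10 in place of `[IP_DO_SERVIDOR]`; `qualify` and `audit` are hypothetical helper names.

```python
# Added example (not from the thread): BIND-style qualification of zone-file names.
ORIGIN = "dominio1.com.br."  # assumption: $dominio replaced by dominio1

# Constructed sample mirroring the NS, MX and A lines of the zone file above;
# 192.0.2.10 is a documentation address standing in for [IP_DO_SERVIDOR].
ZONE_LINES = [
    "@ IN NS ns1.dominio1.com.br",
    "dominio1.com.br. IN MX 10 mx",
    "ns1 IN A 192.0.2.10",
]

NAME_RDATA = {"NS", "MX", "CNAME"}  # record types whose last field is a host name


def qualify(name, origin=ORIGIN):
    """Expand a master-file name the way the zone loader does."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name  # already absolute, used as written
    return f"{name}.{origin}"  # relative: the origin is appended


def audit(lines, origin=ORIGIN):
    """Return (owner, type, expanded_target, doubled) for each name-bearing record."""
    results = []
    bare_origin = origin.rstrip(".")
    for line in lines:
        fields = line.split()
        rtype = fields[fields.index("IN") + 1]
        if rtype not in NAME_RDATA:
            continue
        target = fields[-1]
        # A dot-less target that already ends in the zone name gets it appended twice.
        doubled = not target.endswith(".") and (
            target == bare_origin or target.endswith("." + bare_origin)
        )
        results.append((qualify(fields[0], origin), rtype, qualify(target, origin), doubled))
    return results


if __name__ == "__main__":
    for owner, rtype, target, doubled in audit(ZONE_LINES):
        flag = "  <-- missing trailing dot" if doubled else ""
        print(f"{owner} {rtype} {target}{flag}")
```

The expanded NS target has the same doubled shape as the `ns1.shopodonto.com.br.shopodonto.com.br.` record that the DNS report and the master dump show later in the thread.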

  2. #2

    Try the DNS tests first. They will give you a starting point (they will probably show up as "Lame server" - laughs)


    http://www.dnsreport.com/

    http://www.squish.net/dnscheck/

    :twisted:

  3. #3
    c0deks
    Guest

    I ran the host lookup on the first test site.... I only got a few warnings and errors

    WARNING: Your nameservers do not include any corresponding A records when asked for your NS records. They probably are not returning the A records when asked, which can prevent some other DNS servers from contacting your DNS servers. They should do this if they are authoritative for those A records. The problem record(s) are:

    Nameserver [ip_do_meu_server] did not provide any IPs
    -------------------------------------------------------------------------------
    WARNING: Your nameservers report somewhat different answers for your NS records (varying TTL, for example).
    -------------------------------------------------------------------------------
    FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

    ns1.shopodonto.com.br.shopodonto.com.br.

    This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
    -------------------------------------------------------------------------------
    ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
    sp.linkbr.com.br.
    ns1.shopodonto.com.br.
    --------------------------------------------------------------------------------
    FAIL: Your DNS servers leak stealth information in non-NS requests:

    Stealth nameservers are leaked [rj.linkbr.com.br.]!

    This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
    ---------------------------------------------------------------------------------
    ERROR: Your nameservers disagree as to which version of your DNS is the latest (2006011202 versus 2006011204). This is OK if you have just made a change recently, and your secondary DNS servers haven't yet received the new information from the master. I will continue the report, assuming that 2006011204 is the correct serial #. The serial numbers reported by each DNS server are:
    200.196.254.164 # link-br's IP: 2006011202
    [ip-do-meu-servers]: 2006011204
    -----------------------------------------------------------------------------------
    ERROR: Your SOA (Start of Authority) record states that your master (primary) name server is: localhost.. However, that is not a valid domain name!
    ------------------------------------------------------------------------------------
    WARNING: Your SOA EXPIRE time is : 36000 seconds. This seems very low. You should consider increasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.
    -------------------------------------------------------------------------------------
    WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won't cause any harm, but is a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server.

    mx.shopodonto.com.br claims to be non-existent host shopnet.com.br:
    220 shopnet.com.br ESMTP "Versao nao disponivel"
    ---------------------------------------------------------------------------------------
    Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).


    Testing the mail host

    Host Preference IP(s) [Country]
    mail.linkbr.com.br. 10 [ip_do_meu_server] [BR]



    Step 1: Try connecting to the following mailserver:
    [ERROR: A CNAME appeared in the MX records; this is not valid (per RFCs 974 "Minor Special Issues" section, and 1034 section 3.6.2.
    Mailservers are not required to send E-mail to mail.linkbr.com.br.]
    CNAME(s) I found are: [mail.linkbr.com.br. CNAME sp.linkbr.com.br.] mail.linkbr.com.br. - 200.196.254.164

    Step 2: If still unsuccessful, queue the E-mail for later delivery.


    Note: if you enter an entire E-mail address (such as [email protected]), we will try to connect
    to each mailserver to ensure that they are live and accept mail to the s
    --------------------------------------

    To wrap up, if someone could translate the errors in the DNS test for me, because I didn't understand any of it....


    In the e-mail test it answered mail.linkbr.com.br but it should have answered mail.shopodonto.com.br - why didn't it answer with mine????????

    Cheers

  4. #4
    c0deks
    Guest

    I think I figured out why sometimes it works and sometimes it doesn't. I ran the test on the second site, typed shopodonto.com.br and set it to test A (host name); it gave a few errors and at the end it wrote this

    50.0% of queries will end in failure at 201.0.8.157 (ns1.shopodonto.com.br) - no such record

    50.0% of queries will end in failure at 200.196.254.164 (sp.linkbr.com.br) - no such record

    it's saying that 50% of the lookups will return errors......!!!

    the error came up at this point:

    Referral A.DNS.br


    Asking A.DNS.br (200.160.0.10) for shopodonto.com.br (type A)

    Referral: shopodonto.com.br is at sp.linkbr.com.br (200.196.254.164)
    Referral: shopodonto.com.br is at ns1.shopodonto.com.br (201.0.8.157) ok


    Referral ns1.shopodonto.com.br


    Asking ns1.shopodonto.com.br (201.0.8.157) for shopodonto.com.br (type A)

    Security: Server ns1.shopodonto.com.br (201.0.8.157) is recursive
    Domain exists but there is no such record
    Response is:

    100.0% 201.0.8.157 (ns1.shopodonto.com.br) with no such record


    Referral sp.linkbr.com.br


    Asking sp.linkbr.com.br (200.196.254.164) for shopodonto.com.br (type A)

    Security: Server sp.linkbr.com.br (200.196.254.164) is recursive
    Domain exists but there is no such record
    Response is:

    100.0% 200.196.254.164 (sp.linkbr.com.br) with no such record
    Response is:

    50.0% 201.0.8.157 (ns1.shopodonto.com.br) with no such record
    50.0% 200.196.254.164 (sp.linkbr.com.br) with no such record

  5. #5

    uh-oh...

    the indication is that almost everything (at least the essentials) is wrong. I suggest you reread everything you can on the subject and get this fixed:

    http://www.google.com.br/search?hl=p...gura+dns&meta=

    have fun.. it's going to be a great weekend

    :twisted:

  6. #6
    c0deks
    Guest

    I ran all the other queries and then ran ANY, and they all gave this error

    Security: Server sp.linkbr.com.br (200.196.254.164) is recursive
    Or else....

    Domain exists but there is no such record

    Couldn't it be because the configuration of the primary and the secondary is different, I forgot to mention this, the secondary is rented from link-br

    My server (master)
    shopodonto.com.br. 86400 IN SOA localhost. root.shopodonto.com.br. (
    2006011204 ; Serial
    10800 ; Refresh
    3600 ; Retry
    36000 ; Expire
    86400 ) ; Minimum TTL
    shopodonto.com.br. 86400 IN NS ns1.shopodonto.com.br.shopodonto.com.br.
    shopodonto.com.br. 86400 IN MX 10 mx.shopodonto.com.br.

    Slave server (link-br)

    shopodonto.com.br. 3600 IN SOA shopodonto.com.br. postmaster.shopodonto.com.br. (
    2006011202 ; Serial
    3600 ; Refresh
    600 ; Retry
    86400 ; Expire
    3600 ) ; Minimum TTL
    shopodonto.com.br. 3600 IN MX 10 mail.linkbr.com.br.
    shopodonto.com.br. 3600 IN NS rj.linkbr.com.br.
    shopodonto.com.br. 3600 IN NS sp.linkbr.com.br.
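
A consistency check over the two record sets quoted in post #6, as an added example that is not part of the original thread. The input is constructed from those dumps with each SOA flattened onto one line; `parse`, `compare` and the finding codes are hypothetical names, and the expire threshold is the lower bound quoted by the DNS report in post #3.

```python
# Added example (not from the thread): compare what two authoritative servers publish.
# Constructed input: the records quoted in post #6, each SOA flattened to one line.
MASTER = """\
shopodonto.com.br. 86400 IN SOA localhost. root.shopodonto.com.br. 2006011204 10800 3600 36000 86400
shopodonto.com.br. 86400 IN NS ns1.shopodonto.com.br.shopodonto.com.br.
shopodonto.com.br. 86400 IN MX 10 mx.shopodonto.com.br.
"""
SLAVE = """\
shopodonto.com.br. 3600 IN SOA shopodonto.com.br. postmaster.shopodonto.com.br. 2006011202 3600 600 86400 3600
shopodonto.com.br. 3600 IN MX 10 mail.linkbr.com.br.
shopodonto.com.br. 3600 IN NS rj.linkbr.com.br.
shopodonto.com.br. 3600 IN NS sp.linkbr.com.br.
"""
MIN_EXPIRE = 1209600  # seconds (2 weeks), the lower bound quoted in the DNS report


def parse(text):
    """Collect SOA fields and the NS/MX target sets from one server's records."""
    zone = {"NS": set(), "MX": set()}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        rtype, rdata = fields[3], fields[4:]
        if rtype == "SOA":  # mname rname serial refresh retry expire minimum
            zone["mname"] = rdata[0]
            zone["serial"] = int(rdata[2])
            zone["expire"] = int(rdata[5])
        elif rtype in ("NS", "MX"):
            zone[rtype].add(rdata[-1].lower())
    return zone


def compare(master_text, slave_text):
    """Return (code, detail) findings where the two servers disagree or look wrong."""
    servers = {"master": parse(master_text), "slave": parse(slave_text)}
    m, s = servers["master"], servers["slave"]
    findings = []
    if m["serial"] != s["serial"]:
        findings.append(("SERIAL_MISMATCH", f"{m['serial']} vs {s['serial']}"))
    for rtype in ("NS", "MX"):
        if m[rtype] != s[rtype]:
            findings.append((f"{rtype}_MISMATCH", f"{sorted(m[rtype])} vs {sorted(s[rtype])}"))
    for role, zone in servers.items():
        if zone["mname"] == "localhost.":
            findings.append(("SOA_MNAME_LOCALHOST", role))
        if zone["expire"] < MIN_EXPIRE:
            findings.append(("SOA_EXPIRE_LOW", f"{role}: {zone['expire']}s"))
    return findings


if __name__ == "__main__":
    for code, detail in compare(MASTER, SLAVE):
        print(f"{code}: {detail}")
```

Because both servers are listed at the parent, a resolver may ask either one, so any mismatch reported here is a difference in the answers clients can receive for the same name.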