DNS: Difference between revisions
Jump to navigation
Jump to search
| Line 31: | Line 31: | ||
* Domain must exist for at least 60 days. |
* Domain must exist for at least 60 days. |
||
* Must have the domain transfer ''authorisation code'' (<code>AUTHINFO</code>). |
* Must have the domain transfer ''authorisation code'' (<code>AUTHINFO</code>). |
||
=== Test domain SPF record === |
|||
The simplest is to send an email from domain to GMail account, and view the mail source (Select ''Show original'') to check for the fields <code>Received-SPF</code>: |
|||
<source lang=text> |
|||
Received: from ober.noekeon.org (ober.noekeon.org. [91.134.133.203]) |
|||
by mx.google.com with ESMTP id g19si15969822wmc.137.2016.09.04.23.56.46 |
|||
for <night.moore.nm@gmail.com>; |
|||
Sun, 04 Sep 2016 23:56:47 -0700 (PDT) |
|||
Received-SPF: pass (google.com: domain of michael.peeters@noekeon.org designates 91.134.133.203 as permitted sender) client-ip=91.134.133.203; |
|||
Authentication-Results: mx.google.com; |
|||
spf=pass (google.com: domain of michael.peeters@noekeon.org designates 91.134.133.203 as permitted sender) smtp.mailfrom=michael.peeters@noekeon.org |
|||
</source> |
|||
== Troubleshooting == |
== Troubleshooting == |
||
Revision as of 07:52, 5 September 2016
References
- A DNS database consists of one or more zone files used by the DNS server. Each zone holds a collection of structured resource records, the following of which are supported by the DNS Server service.
- How DNS works.
- Detailed explanations on how DNS work, applied to Linux.
- Wildcard DNS record (like
*.example.com. 3600 IN MX 10 host1.example.com.)
How-to
Reverse DNS lookup
Transfer a domain
See OVH guide.
Prerequisite:
Domain statusrecord in Whois database must beok.
whois noekeon.org|grep -i "domain status"
# Domain Status: ok https://icann.org/epp#ok
- If not
ok, then maybe the domain is locked. In that case, it must be unlocked first at current registrar.
- Domain must not expire soon (soon seems variable, but is between 14 days and 60 days).
- Domain must exist for at least 60 days.
- Must have the domain transfer authorisation code (
AUTHINFO).
Test domain SPF record
The simplest is to send an email from domain to GMail account, and view the mail source (Select Show original) to check for the fields Received-SPF:
Received: from ober.noekeon.org (ober.noekeon.org. [91.134.133.203])
by mx.google.com with ESMTP id g19si15969822wmc.137.2016.09.04.23.56.46
for <night.moore.nm@gmail.com>;
Sun, 04 Sep 2016 23:56:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of michael.peeters@noekeon.org designates 91.134.133.203 as permitted sender) client-ip=91.134.133.203;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of michael.peeters@noekeon.org designates 91.134.133.203 as permitted sender) smtp.mailfrom=michael.peeters@noekeon.org
Troubleshooting
SERVFAIL
dig (and dig +notrace) fails with a SERVFAIL error code but dig +trace works:
dig +notrace miki.immie.org
# ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> +notrace miki.immie.org
# ;; global options: +cmd
# ;; Got answer:
# ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29570
# ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Using a different DNS server works too:
dig @8.8.8.8 miki.immie.org
Other subdomains in that zone work though:
dig +notrace kiwi.immie.org
dig +notrace mip.immie.org
- Solution
- Turns out that we had duplicate CNAME entries in the zone file. We delete one.
miki 10800 IN CNAME prime miki 10800 IN CNAME prime