DNS
Jump to navigation
Jump to search
References
- A DNS database consists of one or more zone files used by the DNS server. Each zone holds a collection of structured resource records, the following of which are supported by the DNS Server service.
- How DNS works.
- Detailed explanations on how DNS work, applied to Linux.
- Wildcard DNS record (like
*.example.com. 3600 IN MX 10 host1.example.com.
)
How-to
Reverse DNS lookup
Transfer a domain
See OVH guide.
Prerequisite:
Domain status
record in Whois database must beok
.
whois noekeon.org|grep -i "domain status"
# Domain Status: ok https://icann.org/epp#ok
- If not
ok
, then maybe the domain is locked. In that case, it must be unlocked first at current registrar.
- Domain must not expire soon (soon seems variable, but is between 14 days and 60 days).
- Domain must exist for at least 60 days.
- Must have the domain transfer authorisation code (
AUTHINFO
).
Test domain SPF record
The simplest is to send an email from domain to GMail account, and view the mail source (Select Show original) to check for the fields Received-SPF
:
Received: from ober.noekeon.org (ober.noekeon.org. [91.134.133.203])
by mx.google.com with ESMTP id g19si15969822wmc.137.2016.09.04.23.56.46
for <night.moore.nm@gmail.com>;
Sun, 04 Sep 2016 23:56:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of michael.peeters@noekeon.org designates 91.134.133.203 as permitted sender) client-ip=91.134.133.203;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of michael.peeters@noekeon.org designates 91.134.133.203 as permitted sender) smtp.mailfrom=michael.peeters@noekeon.org
Troubleshooting
SERVFAIL
dig
(and dig +notrace
) fails with a SERVFAIL error code but dig +trace
works:
dig +notrace miki.immie.org
# ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> +notrace miki.immie.org
# ;; global options: +cmd
# ;; Got answer:
# ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29570
# ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Using a different DNS server works too:
dig @8.8.8.8 miki.immie.org
Other subdomains in that zone work though:
dig +notrace kiwi.immie.org
dig +notrace mip.immie.org
- Solution
- Turns out that we had duplicate CNAME entries in the zone file. We delete one.
miki 10800 IN CNAME prime miki 10800 IN CNAME prime