Helpful Information
 
 
Category: DNS
SOA and MX

I was told my SOA and MX are highly misconfigured
what should I do ?

skeasor

Because serriaweb.com (your host) doesn't have a clue what DNS is. Should you continue to host with them, your site(s) will suffer timeouts, unreachable or the like errors.

First off, their DNS is misconfigured.

# dnsqr soa sierraweb.com
6 sierraweb.com:
78 bytes, 1+1+0+0 records, response, noerror
query: 6 sierraweb.com
answer: sierraweb.com 3600 SOA sierraweb.com hostmaster.sierraweb.com 1806903785 1800 300 172800 3600

- sierraweb.com is NOT FQDN.
- SOA is not the one in bold above (sierraweb.com). It should be ns1.sierraweb.com.
- ns1.sierraweb.com resolves to 216.218.219.2, which has a broken reverse. As a host, you must have a working reverse.
dnsname 216.218.219.2 returns nothing.
- MX with a broken reverse is extremely bad as a host.

# dnsmx sierraweb.com

20 smtp.sierraweb.com
10 mail.sierraweb.com

smtp.sierraweb.com has the same IP as ns1.sierraweb.com. To have a more reliable MX, they need to change smtp.sierraweb.com to ns1.sierraweb.com. Anyhow, their reverse is broken, so don't host with them.

Now let's check your zone record:

# dnsqr soa susquenita.com
6 susquenita.com:
89 bytes, 1+1+0+0 records, response, noerror
query: 6 susquenita.com
answer: susquenita.com 43200 SOA susquenita.com hostmaster.sierraweb.com 2840239817 3600 1800 1209600 43200

- The SOA for your domain must be ns1.sierraweb.com so the authority
can be traced to the roots.

# dnsmx susquenita.com

10 mail.susquenita.com

- Each MX should be known by ONE FQDN that gives you the fastest DNS lookup, when multiple FAQNs resolve to the same IP. So whatever FQDN of xxx.susquenita.com has the highest preference, set your MX to it. You also can set your MX to skeasor.static.pa.net for more reliability.

Do the same for your other domain. There are more misconfiguration but they are minor and I am not going to spend more time to point those out here.

You really know your stuff about this whole networking business. How long have you been studying ?

skeasor

Been working for years.

Actually DNS is a rather simple protocol but too many dnsadmins are just clueless. I believe at least 30% of DNS servers on the net are misconfigured in some ways. Who should they blame that on? BIND developers.










privacy (GDPR)