Stale MX Records

Kris Haight khaight at firespout.com
Fri Jun 15 21:07:55 UTC 2001





> >>  - ns.mindsprung.net (208.176.94.126)
> >>    does not answer authoritatively for firespout.com
> 
> 	In addition, it appears that this machine is running recursively 
> and caching, so there is the chance of cache pollution problems. 
> Worse, it appears that this machine is running BIND 8.2.2-P7, which 
> would mean that it is vulnerable to known attacks to gain root 
> privileges.  I would strongly encourage you to at least upgrade to 
> BIND 8.2.4-REL, if not 9.1.2-REL or the latest release candidate for 
> 9.1.3.

I am aware of this exploit. I thought I fixed this. I guess I didn't. Will do
it this weekend.

As far as the caching... How do I fix this?

> >  And how can I make it authoritative? I followed The O'Reilly Book DNS & BIND
> >  to a T so now I am totally lost.
> 
> 	It's hard to say.  What is in the log files for this machine 
> about this zone?

See my log cut and pastes below.

> >>  - Default TTL in firespout.com's SOA is 1 hour, way too low
> >
> >  Recommendation? I am relatively new to DNS and I am learning as I go along.
> >  I've had a home server setup for a while, but haven't had issues with it, so
> >  this is a first for me.
> 
> 	Default TTLs for things like this should almost always be at 
> least a day, and possibly as large as a week.  You should only exceed 
> these values on one side or the other if you have a known reason that 
> you need/want to do so.

Okay. Will Change This.

> >>  Your REAL problem seems to be that chhost.com still thinks they
> >>  are auth for firespout.com, thus giving out faulty records :
> >>  > dig firespout.com mx @NS2.cihost.com.
> 
> 	From what I see, dns1.nhvt.net is a lame delegation 
> from the gTLD servers:

Will Fix This.

 
> 
> 	This would also be a problem that needs to be fixed.  In 
> particular, the delegation records should be fixed at the 
> InterNIC/Network Solutions, so that only the appropriate nameservers 
> within mindsprung.net are referenced.

firespout.com is registered with Register.Com (I didn't do this).
Unfortunately their interface sucks and doesn't correctly list the primary
and secondary servers in order. 

> >  I think so too. I've asked them on several occasions to take us out of DNS
> >  and they claim they've taken it out. Maybe they haven't. I will give them a
> >  call again.
> 
> 	Change the delegation records, and this becomes a moot point.
> 

Okay. I might just take DNS1.NHVT.NET out of the loop. It was originally in
there just because it was some other provider besides here at the office
just in case my T1 goes down.

Here are my cut and pastes from my log files from the NS.MINDSPRUNG.NET
server. I don't know exactly what you are looking for, but here's the best I
can do.

Jun 15 16:28:57 latte named[32668]: starting.  named 8.2.2-P7 Fri Nov 10
11:12:53 EST 2000
^Iprospector at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P7/src/bin/
named
Jun 15 16:28:57 latte named[32668]: hint zone "" (IN) loaded (serial 0)
Jun 15 16:28:58 latte named[32668]: slave zone "fs.mindsprung.net" (IN)
loaded (serial 2001043002)
Jun 15 16:28:58 latte named[32668]: slave zone "firespout.com" (IN) loaded
(serial 2001050901)
Jun 15 16:28:58 latte named[32668]: listening on [208.176.94.126].53 (eth1)
Jun 15 16:28:58 latte named[32668]: Forwarding source address is
[0.0.0.0].1073
Jun 15 16:28:58 latte named.ext: named.ext startup succeeded
Jun 15 16:28:58 latte named[32669]: group = 25
Jun 15 16:28:58 latte named[32669]: user = named
Jun 15 16:28:58 latte named[32669]: Ready to answer queries.

I don't want to paste the entire log to you since it would be pages and pages
of stuff. I host several domains on the NS.MINDSPRUNG.NET server. I can't
seem to see anything else in the log that would be apparent to the firespout.com
domain at all. I also don't know what you're looking for either.
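
Added example, not part of the original message or of BIND: the two conditions raised in this thread (a server that does not answer authoritatively for a zone delegated to it, and a server that offers recursion) are both visible in the flag bits of the DNS response header. The function names, the example.com name and the sample responses below are constructed for illustration.

```python
import struct

# Header flag bits from RFC 1035 section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def encode_question(name, qtype=15, qclass=1):
    """Encode one question entry (qtype 15 = MX, qclass 1 = IN)."""
    labels = name.rstrip(".").split(".")
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return wire + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_header(raw):
    """Decode the fixed 12-byte DNS message header."""
    if len(raw) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", raw[:12])
    return {"id": qid, "response": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "answers": an}

def audit(raw):
    """Findings for a response to a query about a zone the server is delegated."""
    h = parse_header(raw)
    if not h["response"]:
        raise ValueError("message is a query, not a response")
    findings = []
    if not h["aa"]:
        findings.append("AA clear: not authoritative for the zone (lame if delegated)")
    if h["ra"]:
        findings.append("RA set: recursion offered, so the cache can be polluted")
    return findings

def make_response(flags, name="example.com"):
    """Constructed sample: header with the given flags plus the echoed question."""
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + encode_question(name)

# Constructed samples: a lame, recursive server and an authoritative-only one
LAME_RECURSIVE = make_response(QR | RD | RA)
AUTH_ONLY = make_response(QR | AA | RD)

if __name__ == "__main__":
    for label, raw in (("lame+recursive", LAME_RECURSIVE), ("auth-only", AUTH_ONLY)):
        print(label, audit(raw) or ["ok"])
```

To run the check against a real server, pass `audit` the raw UDP payload received in reply to a query for the delegated zone.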


