FirstDNS

Archive mensuelles: mars 2015

DMARC records

I’ve been working on optimizing the outgoing mail from my virtual server. This server has several virtual domains which send and receive mail as well. I’ve been using the mail-tester.com service to check configurations, and I seem to be able to get 9 or 10 out of 10 on all my sites. However, there’s a warning that comes up about the DMARC record. The mail-tester advice is:

You do not have a DMARC record A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC. You do not have a DMARC record, please add the following one to your domain _dmarc.lists.example.net

v=DMARC1; p=none

and my bind entry is:

_dmarc.lists.example.net. IN TXT « v=DMARC1;p=none »

Finally, a dmarcian.com inspection does show a record matching what I put in bind. Does this look correct, or is there some nuance that I’m missing and mail-tester.com isn’t explaining in a way that I see? Thanks!

Edit: To remove the obvious noob mistake question…no my bind entry does not actually say example.net, it’s the actual name of the server used in the Errors-To, Sender, and Return-Path headers in the emails.

submitted by TheRealBeakerboy
[link] [comment]

Powered by WPeMatico

Curious random DNS queries

Hello, I did see a post (http://redd.it/2isn35) similar to this, but it doesn’t seem to be the same case.

I get some random queries, but the frequency is way to low to be an attempt to a DDOS/DOS attack. Also, I thought that a « good » DNS amplification should be querying existing records (to ensure a « larger » response), not random, guaranteed to always return « No such name » responses.

My traffic is usually quite low; I get those about once a minute, grouped in ~5 queries from the same IP (probably spoofed, not always the same, but frequently from the 8.0.7.0-8.0.6.255 range).

Some examples (domain has been changed to protect the innocent):

MZLUVOoN.MydOmAIn.Com (yes with randomized capitals)

qqevjfrviwzxll.mydomain.com

RnMFgaSIYZXl.mYDoMaiN.COm

winrar.mydomain.com

ocsinventory-ng.mydomain.com

2010cr0198.mydomain.com – this one does look like some attempt to a DDOS, because I just saw the exact same query coming from 3 different networks almost at the same time (just once from each, though).

So what are they? Do you guys get those too?

(my server accepts no recursion and answers to those all with « No such name ». I’m considering dropping the recurrent ips on the firewall, but if they are spoofed, it may do more harm than good).

thanks!

submitted by jsveiga
[link] [11 comments]

Powered by WPeMatico

Question on switching DNS and MX records

I apologize if this will sound stupid – I’m not exactly sure how to word my question…but here goes:

I have domaina.com and its’ registered with GoDaddy. I have webspace with HostGator.

I want to keep domaina.com with GoDaddy because that’s where our e-mail is set up, but point the domain towards HostGator for the www.domaina.com

I know I have to use nameservers to accomplish this, but will changing name servers screw up my mail records?

Will I have to do anything special?

submitted by LE6940
[link] [3 comments]

Powered by WPeMatico