For educational purposes, I'd like to ask about some of the errors/warnings as listed. I'll try to stay away from tool-specific suggestions, as this isn't the list for your tool. At 17:37 +0200 5/22/03, Stephane D'Alu wrote:
Here is the list of tests available in the ZoneCheck v2 tool, with the severity (Fatal/Warning) that are used in the configuration file to check domain in .fr before accepting the delegation.
Severity Test Fatal/warning F dash ('-') at start or beginning of domain name
According to 1035, that is legal. Or do you mean a - at the beginning of a hostname?
F illegal symbols in domain name (RFC1034)
I don't think there are any - in a 'domain' name. Yes, in a host name.
W ICMP answer
I don't know that this is a concern of DNS - what the other protocols can or can't do.
W nameserver addresses are all on the same subnet (RFC2182)
The problem with this test is the rise of anycast. It's harder to determine remotely if servers are all on the same subnet.
W delegated domain is not an openrelay W domain of the hostmaster email is not an openrelay
That's beyond DNS. A real concern, but if I just want to test DNS, then I don't want to do those tests.
W SOA 'minimum' less than 3 hours W SOA 'refresh' at least 6 hours W SOA 'retry' at least 1 hour
I would think that these are policy dependent - sometimes shortened numbers are a good thing - if you are willing to pay the performance price.
W serial number of the form YYYYMMDDnn (RFC1912)
With the advent of dynamic update, the last is no longer recommended. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-703-227-9854 ARIN Research Engineer Your office is *not* a reality-based sit-com TV show.