"Ed" == Edward Lewis <edlewis@arin.net> writes:
>> W ICMP answer Ed> I don't know that this is a concern of DNS - what the other Ed> protocols can or can't do. Indeed. In fact checking for ICMP responses may give false positives. It's likely some good name servers will be behind firewalls or routers that don't allow ICMP through. >> W nameserver addresses are all on the same subnet (RFC2182) Ed> The problem with this test is the rise of anycast. It's Ed> harder to determine remotely if servers are all on the same Ed> subnet. True, but it's easy to accommodate the relatively small number of anycast servers and operators. >> W delegated domain is not an openrelay >> W domain of the hostmaster email is not an openrelay Ed> That's beyond DNS. A real concern, but if I just want to test Ed> DNS, then I don't want to do those tests. I agree. Checking and suppressing open relays is a Noble Thing. But it's orthogonal to whether some domain has been set up correctly on decent DNS infrastructure.