Hello,
When I do a DNS report from dnsreport.com on one of my own domains, I get this fail:
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
Any ideas on how to fix?
Thanks
Full Version: Stealth NameServers?
I am getting the same thing one one site, the use can view his site intermittently sometimes and other times not, all other domains are working fine on the server except his but it says something is wrong with our NS for whatever reason.
A "stealth" name server is a server listed in the zone as authoritative, but is not listed at the root servers as a queriable (is that a word?) authoritative server.
For example, you have at your registrar ns1.xyz.com and ns2.xyz.com listed as the DNS servers.
In your zone file, you've got the following NS records:
abc.com IN NS ns1.xyz.com
abc.com IN NS ns2.xyz.com
abc.com IN NS ns3.xyz.com
ns3.xyz.com is a stealth name server - it's authoritative for the domain but is never queried by the root servers. This will only cause a problem (as far as I know) if you are EXPECTING the root servers to query it if ns1 and ns2 are down.
Companies use stealth for spreading internal and external traffic over multiple servers. Lets say you have a lot of DNS traffic over ns1 and ns2. You can set your INTERNAL clients to use ns3 as it's first choice for name resolution, and since it's authoritative for the zone it will return an authoritative response. In other words, less traffic on your main servers.
So basically it's harmless
For example, you have at your registrar ns1.xyz.com and ns2.xyz.com listed as the DNS servers.
In your zone file, you've got the following NS records:
abc.com IN NS ns1.xyz.com
abc.com IN NS ns2.xyz.com
abc.com IN NS ns3.xyz.com
ns3.xyz.com is a stealth name server - it's authoritative for the domain but is never queried by the root servers. This will only cause a problem (as far as I know) if you are EXPECTING the root servers to query it if ns1 and ns2 are down.
Companies use stealth for spreading internal and external traffic over multiple servers. Lets say you have a lot of DNS traffic over ns1 and ns2. You can set your INTERNAL clients to use ns3 as it's first choice for name resolution, and since it's authoritative for the zone it will return an authoritative response. In other words, less traffic on your main servers.
So basically it's harmless
QUOTE
...queriable (is that a word?)
It is now!
I am getting the following on all domains for my server, seem to be resolving fine but still would like to figure out what the errors are cause by for future use.
I get all these errors on my dnsreports.
ERROR: One or more of the NS records that your nameservers report are invalid:
1.2.3.4. is not a valid host name (it must be a host name, not an IP address)
5.6.7.8. is not a valid host name (it must be a host name, not an IP address)
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
1.2.3.4.
5.6.7.8.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.mydomain.com.
ns2.mydomain.com.
Your DNS servers leak stealth information in non-NS requests:
Stealth nameservers are leaked [1.2.3.4.]!
Stealth nameservers are leaked [5.6.7.8.]!
This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
I get all these errors on my dnsreports.
ERROR: One or more of the NS records that your nameservers report are invalid:
1.2.3.4. is not a valid host name (it must be a host name, not an IP address)
5.6.7.8. is not a valid host name (it must be a host name, not an IP address)
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
1.2.3.4.
5.6.7.8.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns1.mydomain.com.
ns2.mydomain.com.
Your DNS servers leak stealth information in non-NS requests:
Stealth nameservers are leaked [1.2.3.4.]!
Stealth nameservers are leaked [5.6.7.8.]!
This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.
Anyone know how to fix this, I am also having thye same problem where dnsreport.com:
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
ns2.domain.com.
ns1.domain.com.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.
ns2.domain.com.
ns1.domain.com.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).
Are ns1 and ns2.domain.com listed as authoritative at your registrar?
What did it for me what logging into WHM edit the zone file for your nameserver and to the left of the root.hostname.yourdomain.com there should be an IP address listed to the left of that field, change this to ns1.yournameserver.com and it should clear it up.
3 of 4 of my domains are unreachable starting this morning.
I checked DNSreport and found all kinds of name server errors including the one about stealth nameservers.
I am going to file a TT to try to get this resolved.
I checked DNSreport and found all kinds of name server errors including the one about stealth nameservers.
I am going to file a TT to try to get this resolved.
In my case, I use EV1s nameservers and they have been set up and working of many months each.
I contacted EV1s support via chat and the techs have refreshed DNS (btw, the techs were very supportive and helpful). We will know if that solves it in 4-5 hours.
Everything is configured correctly in the members section page, and as mentioned, everything worked. This problem started today without any changes being made. So far it is a mystery.
Pages started resolving again this afternoon, but the server is still not receiving email due to DNS problems (i.e. no mx records be provided by the nameservers).
The dns report still shows major problems. (Lame Nameservers and Stealth Nameservers, and all the resulting SOA and missing DNS records).
I contacted EV1s support via chat and the techs have refreshed DNS (btw, the techs were very supportive and helpful). We will know if that solves it in 4-5 hours.
Everything is configured correctly in the members section page, and as mentioned, everything worked. This problem started today without any changes being made. So far it is a mystery.
Pages started resolving again this afternoon, but the server is still not receiving email due to DNS problems (i.e. no mx records be provided by the nameservers).
The dns report still shows major problems. (Lame Nameservers and Stealth Nameservers, and all the resulting SOA and missing DNS records).
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.