Full Version: Do I care about these warnings?
The Planet Forums > System Administration > DNS Hosting
webgusto
Some warnings I got when trying my domain/NS check at http://www.dnsstuff.com/pages/expert.htm are pasted below. Should I care about these?

If so, where do I fix them?

(I am getting to my server via eNom nameservers; my own nameservers have not propagated yet. But most of my customers get here via eNom nameservers, so they will have the same warnings.)

Warning 1:---------------------

Warning: Your NS records at your authoritative DNS servers have TTLs that do not match what the parent servers report:

dns1.name-services.com. [TTL 172800 at parent; 3600 at 63.251.163.102]
dns2.name-services.com. [TTL 172800 at parent; 3600 at 63.251.163.102]
dns3.name-services.com. [TTL 172800 at parent; 3600 at 63.251.163.102]
dns4.name-services.com. [TTL 172800 at parent; 3600 at 63.251.163.102]
dns5.name-services.com. [TTL 172800 at parent; 3600 at 63.251.163.102]
In some cases, this can cause some serious problems. For example, if the parent servers have a 172800 second TTL (48 hours), and your authoritative DNS servers report a TTL of 3600 seconds (1 hour), you are saying that the parent DNS servers do not have the correct information. But, after 1 hour your DNS records may time out. At that point a DNS resolver will need to get fresh NS records. This can cause a serious problem in some cases.

Warning 2:---------------------

WARNING: Your SOA EXPIRE time is : 86400 seconds. This seems a bit low. You should consider increasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

Warning 3:---------------------

WARNING: You only have 1 MX record. If your primary mail server is down or unreachable, there is a chance that mail may have troubles reaching you.

Warning 4:---------------------

WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted.

mail.webgusto.com's postmaster@[69.93.187.58] response:
>>> RCPT TO:<postmaster@[69.93.187.58]>
<<< 501 : domain literals not allowed


Thanks!

Bill
eddy2099
Warnings are warnings and generally do not prevent anything from working. If you can access your sites and no one complains about not getting there then you will do fine. If you however got a 'fail' somewhere then you should take immediate corrective action.
webgusto
Thanks, Eddy2099. That was reassuring.

But now I have FAIL...

I created the DNS for my new servers as ns1. and ns2. so I could get the server up and running, and add new clients there while preparing to decommission the old server. I left dns1 and dns2 pointing to the old server until I was ready to switch. (The old server was at Burst, not at SM.)

Switched a few days ago and repointed dns1 and dns2 to the new server, using the registrar's facility for that. After a day or so, they seem to be working fine. (They show as nameserver 3 and 4 on my WHM, and have the 3rd and 4th IP in my bank of IPs.)

Here is the message that same utility now gives, for domains using the DNS1/2 nameservers (instead of NS1/2)

Fail #1 -------------------------
FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

ns1.domain.com.
ns2.domain.com.

This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

Fail #2 -------------------------
ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
dns1.domain.com.
dns2.domain.com.


Fail #3 -------------------------
Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [ns1.domain.com.]!
Stealth nameservers are leaked [ns2.domain.com.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.

I have looked for obvious and subtle ways to fix these, without success. Any suggestions?

Thanks again,
Bill
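Both of Bill's posts boil down to comparing what the parent (registry) servers publish for the zone against what the zone's own authoritative servers answer: mismatched NS TTLs, an SOA EXPIRE outside the RFC 1912 range and a lone MX give the warnings in the first post; NS names that exist only on one side, plus those "stealth" names showing up in the AUTHORITY section of unrelated answers, give the three FAILs in the second. The script below is an added example (not dnsstuff's code and not from this thread) that performs those comparisons offline on constructed data modelled on the two reports, so the conditions behind each message can be reproduced and a fix verified before re-running the public checker. The parameter names, finding codes and sample scenarios are assumptions of this example.

```python
"""Offline delegation-consistency check modelled on the dnsstuff
warnings and failures quoted in the thread. Added example; the input
scenarios at the bottom are constructed, not live DNS data."""

# RFC 1912 section 2.2 suggests an SOA EXPIRE of 2 to 4 weeks.
EXPIRE_MIN = 1209600  # 2 weeks in seconds
EXPIRE_MAX = 2419200  # 4 weeks in seconds


def canon(name):
    """Normalise an owner name: lowercase with exactly one trailing dot,
    so 'DNS1.domain.com' and 'dns1.domain.com.' compare equal."""
    return name.strip().lower().rstrip(".") + "."


def check_delegation(parent_ns, child_ns, authority_ns, mx_hosts, soa_expire):
    """Return a list of (severity, code, detail) tuples.

    parent_ns    -- {ns_name: ttl} as published by the parent (registry) servers
    child_ns     -- {ns_name: ttl} as returned by the zone's own authoritative servers
    authority_ns -- NS names the child returns in the AUTHORITY section of
                    non-NS answers (e.g. an A query); this is where leaks appear
    mx_hosts     -- MX target hostnames for the zone
    soa_expire   -- SOA EXPIRE field in seconds
    """
    parent = {canon(n): t for n, t in parent_ns.items()}
    child = {canon(n): t for n, t in child_ns.items()}
    leaked = {canon(n) for n in authority_ns}
    findings = []

    # Warning 1: same NS name on both sides, but the TTLs differ
    for name in sorted(parent.keys() & child.keys()):
        if parent[name] != child[name]:
            findings.append(("WARN", "NS_TTL_MISMATCH",
                             f"{name} TTL {parent[name]} at parent; {child[name]} at child"))

    # Warning 2: SOA EXPIRE outside the 2-4 week range RFC 1912 recommends
    if not EXPIRE_MIN <= soa_expire <= EXPIRE_MAX:
        findings.append(("WARN", "SOA_EXPIRE_OUT_OF_RANGE",
                         f"expire {soa_expire}s; RFC1912 suggests {EXPIRE_MIN}-{EXPIRE_MAX}s"))

    # Warning 3: only one distinct MX host, so no fallback if it is down
    if len({canon(h) for h in mx_hosts}) < 2:
        findings.append(("WARN", "SINGLE_MX", f"mx hosts: {sorted(mx_hosts)}"))

    # Fail 1: stealth NS -- listed by the child but unknown to the parent
    for name in sorted(child.keys() - parent.keys()):
        findings.append(("FAIL", "STEALTH_NS", f"{name} at child only"))

    # Fail 2: parent lists a server the child does not claim as NS
    for name in sorted(parent.keys() - child.keys()):
        findings.append(("FAIL", "MISSING_NS", f"{name} at parent only"))

    # Fail 3: a stealth name leaks into the AUTHORITY section of other answers
    for name in sorted(leaked - parent.keys()):
        findings.append(("FAIL", "STEALTH_LEAK", f"{name} returned in authority section"))

    return findings


# Constructed scenario mirroring the first post: eNom servers with a
# 48h TTL at the parent and 1h at the child, short expire, one MX.
ENOM_SCENARIO = dict(
    parent_ns={f"dns{i}.name-services.com": 172800 for i in range(1, 6)},
    child_ns={f"dns{i}.name-services.com": 3600 for i in range(1, 6)},
    authority_ns={f"dns{i}.name-services.com" for i in range(1, 6)},
    mx_hosts=["mail.webgusto.com"],
    soa_expire=86400,
)

# Constructed scenario mirroring the second post: the registrar still
# delegates to dns1/dns2 while the zone itself names ns1/ns2.
STEALTH_SCENARIO = dict(
    parent_ns={"dns1.domain.com": 172800, "dns2.domain.com": 172800},
    child_ns={"ns1.domain.com": 3600, "ns2.domain.com": 3600},
    authority_ns={"ns1.domain.com", "ns2.domain.com"},
    mx_hosts=["mail.domain.com", "mail2.domain.com"],
    soa_expire=1209600,
)

# The same zone after the NS set, TTLs and expire are brought in line.
FIXED_SCENARIO = dict(
    parent_ns={"dns1.domain.com": 172800, "dns2.domain.com": 172800},
    child_ns={"DNS1.domain.com.": 172800, "dns2.domain.com": 172800},
    authority_ns={"dns1.domain.com", "dns2.domain.com"},
    mx_hosts=["mail.domain.com", "mail2.domain.com"],
    soa_expire=1209600,
)

if __name__ == "__main__":
    for label, scenario in (("enom", ENOM_SCENARIO), ("stealth", STEALTH_SCENARIO),
                            ("fixed", FIXED_SCENARIO)):
        print(f"== {label} ==")
        for severity, code, detail in check_delegation(**scenario) or [("OK", "CLEAN", "-")]:
            print(f"{severity:4} {code:24} {detail}")
```

To feed it real data instead of the constructed scenarios, take `parent_ns` from a non-recursive NS query at one of the parent's servers (`dig +norecurse @<parent-server> example.com NS`), `child_ns` from the same query at your own server, and `authority_ns` from the AUTHORITY section of an A query against your server. The second scenario shows why the three FAILs in Bill's second post appear together: the registrar's delegation and the zone's own NS records name different hosts, so every name is "stealth" on one side and "missing" on the other, and the child's AUTHORITY section then advertises the stealth pair on every answer.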