Full Version: HELP! dnsreport
fplath
I hope one of the gurus will have pity for me and help me out.

Ok, running dnsreport on my brand-spanking new DNS server, I get three fails (not to mention several warns):

FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

ns.mysite.biz.

This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).


ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
NS2.mysite.biz.
NS1.mysite.biz.
This one confuses me especially...both aren't listed...

Your DNS servers leak stealth information in non-NS requests:

Stealth nameservers are leaked [ns.mysite.biz.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.


I am on W2k3 with Plesk installed. I created a forward lookup zone for mysite.biz through the dnsmgmt snap-in. Then I added the domain to Plesk and expanded the zone template slightly. So, now Plesk shows the following for the zone:

CODE
67.19.xxx.xx2 / 24 PTR mysite.biz.
mysite.biz. A 67.19.xxx.xx2
mysite.biz. MX (10) mail.mysite.biz.
mysite.biz. NS ns.mysite.biz.
ftp.mysite.biz. CNAME mysite.biz.
mail.mysite.biz. A 67.19.xxx.xx2
mssql.mysite.biz. A 67.19.xxx.xx2
ns.mysite.biz. A 67.19.xxx.xx2
ns1.mysite.biz. A 67.19.xxx.xx3
ns2.mysite.biz. A 67.19.xxx.xx4
webmail.mysite.biz. A 67.19.xxx.xx2
www.mysite.biz. CNAME mysite.biz.


dnsmgmt only has SOA, two NS pointing to ns1 and ns1 and two A directing ns1 and ns2 to the respective IP.

I also have RRAS set up with TCP/UDP 53 opened.

At my current level of knowledge, I am clueless. Oh yeah, guess I should mention that the DNS actually works fine right now (surprisingly enough).

So, anyone willing to give me some pointers? I could sure use some. :shock:
rabbit994
What are the nameservers for your site? Ns1 and ns2??
fplath
QUOTE (rabbit994)
What are the nameservers for your site? Ns1 and ns2??


Yes.
tekprio
This is the problem:

mysite.biz. NS ns.mysite.biz.
ns.mysite.biz. A 67.19.xxx.xx2

You need to either remove these lines from your zone, or add ns.mysite.biz as a nameserver for your domain (at your registrar).

DNSReport.com was complaining that ns.mysite.biz is an unexpected nameserver for your domain. It is "stealth" because it wasn't listed at your registrar, but it exists in your zone. And it is "leaking" because it responds to DNS queries from the public.

Also you need to add the following:

mysite.biz. NS ns1.mysite.biz.
mysite.biz. NS ns2.mysite.biz.

This takes care of the problem of missing (official) nameserver records. Your nameservers are functioning because the problems are not performance related. They are configuration anomalies and potential sources of information leaks.
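
The comparison behind the three dnsreport findings, as an added example that is not part of the original thread and is not DNSReport's code: it diffs the NS set at the parent (ns1/ns2, as stated in the thread) against the apex NS records in the zone. The function names and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example: offline delegation-consistency check (not dnsreport's code).
# Zone lines use the "name TYPE value" layout shown in the thread.
# Addresses are constructed (192.0.2.0/24 documentation range).

def norm(name):
    """DNS names are case-insensitive; ignore the trailing dot."""
    return name.rstrip(".").lower()

def parse_zone(text):
    """Return (owner, type, value) tuples; the MX priority '(10)' is dropped."""
    records = []
    for line in text.splitlines():
        fields = [f for f in line.split() if not f.startswith("(")]
        if len(fields) == 3:
            owner, rtype, value = fields
            records.append((norm(owner), rtype.upper(), value))
    return records

def check_delegation(apex, parent_ns, zone_text):
    records = parse_zone(zone_text)
    apex = norm(apex)
    zone_ns = {norm(v) for o, t, v in records if o == apex and t == "NS"}
    parent = {norm(n) for n in parent_ns}
    have_a = {o for o, t, _ in records if t == "A"}
    return {
        "stealth": sorted(zone_ns - parent),  # in the zone, not at the parent
        "missing": sorted(parent - zone_ns),  # at the parent, not in the zone
        "no_address": sorted(n for n in zone_ns | parent
                             if n.endswith("." + apex) and n not in have_a),
    }

PARENT_NS = ["NS1.mysite.biz.", "NS2.mysite.biz."]  # delegation at the registrar
HOSTS = """ns1.mysite.biz. A 192.0.2.3
ns2.mysite.biz. A 192.0.2.4
mysite.biz. MX (10) mail.mysite.biz.
"""
# Zone as originally posted: only the undelegated "ns" is listed as NS.
BEFORE = HOSTS + "mysite.biz. NS ns.mysite.biz.\nns.mysite.biz. A 192.0.2.2\n"
# Zone after the fix: "ns" lines removed, ns1/ns2 added as NS records.
AFTER = HOSTS + "mysite.biz. NS ns1.mysite.biz.\nmysite.biz. NS ns2.mysite.biz.\n"

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, check_delegation("mysite.biz.", PARENT_NS, zone))
```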
fplath
QUOTE (tekprio)
This is the problem:

mysite.biz. NS ns.mysite.biz.  
ns.mysite.biz. A 67.19.xxx.xx2  

You need to either remove these lines from your zone, or add ns.mysite.biz as a nameserver for your domain (at your registrar).

DNSReport.com was complaining that ns.mysite.biz is an unexpected nameserver for your domain. It is "stealth" because it wasn't listed at your registrar, but it exists in your zone. And it is "leaking" because it responds to DNS queries from the public.

Also you need to add the following:

mysite.biz. NS ns1.mysite.biz.  
mysite.biz. NS ns2.mysite.biz.  

This takes care of the problem of missing (official) nameserver records. Your nameservers are functioning because the problems are not performance related. They are configuration anomalies and potential sources of information leaks.


That sure took care of it and I learned something at the same time. <3 Thank you!