In <20040804083348(_dot_)GA2271(_at_)nic(_dot_)fr> Stephane Bortzmeyer
<bortzmeyer(_at_)nic(_dot_)fr> writes:
On Tue, Aug 03, 2004 at 01:26:26PM -0400,
John A. Martin <jam(_at_)athene(_dot_)jamux(_dot_)com> wrote
a message of 29 lines which said:
The DNS report tool at <http://www.DNSreport.com> now gives a yellow
flag warning for domain without a SPF record.
Do note that this testing tool is quite broken. I gives a spurious "No
glue records" warning on *every* .ORG domain, for instance, and was
never fixed. It makes a FAIL if there is no MX (even for domains with
an A like example.org), etc.
Do not use it.
Can you please explain why the "no glue records" is suprious?
For example, if I do the following:
(wayne(_at_)footbone) $ dig elginwatches.org +trace
; <<>> DiG 9.2.4rc5 <<>> elginwatches.org +trace
;; global options: printcmd
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
elginwatches.org. 259200 IN A 206.222.212.234
elginwatches.org. 259200 IN NS dns.elginwatches.org.
elginwatches.org. 259200 IN NS ns1.twisted4life.com.
;; Received 134 bytes from 192.228.79.201#53(B.ROOT-SERVERS.NET) in 2 ms
I notice that I'm *not* given a glue record for ns1.twisted4life.com
from the root servers. This means that my name server will have to
discover the IP address for ns1.twisted4life.com some other way.
You may want to add an SPF record before October 1, 2004, the target
date for domains to have SPF records in place.
Bullshit.
?
-wayne