Thursday 17 September 2015

Understanding SPF DNS Records

SPF or “Sender Policy Framework” is a technique that aims to prevent email sender spoofing, and ultimately cut spam, it means that senders without a properly configured SPF record may be considered spam.
But if your business sends out email, and you want to make sure it isn’t marked as spam at your destination, then you might need to look at your SPF records.
The first step is to look at the headers of a received email, by a client that handles SPF, i.e. Gmail, and if you see something like spf=softfail ( domain of transitioning does not designate as permitted sender) , this means SPF is not configured correctly.
So, lets say, you know the sender is going to have IP address 1.2.3.4 – i.e. your outbound SMTP server. and your sender email is whatever@me.com – you need to then add a DNS TXT record to the domain me.com with the text
v=spf1 ip4:1.2.3.4 ~all
For the host “@” (non-www)
Then try sending the email again, and view the headers on the message, and it should say
Received-SPF: pass (google.com: domain of whatever@me.com designates 1.2.3.4 as permitted sender) client-ip=1.2.3.4;
This will come into play big time if you use Direct to MX software, or Amazon SES

Thursday 22 November 2012

Is Google DNS a Myth?

Google public DNS resolving services on IP addresses 8.8.8.8 and 8.8.4.4 was sold as being a faster solution for users, since caching could occur on a massive scale, but is it just a statistics gathering exercise for Google?

Using NameBench (http://code.google.com/p/namebench/), and running the test, it looks as if Google DNS is actually slower than local services, and popular global ones:


Mean Response Duration

Mean Duration Graph

Fastest Individual Response Duration

Fastest Response Graph

Response Distribution Chart (First 200ms)

Response Distribution Graph (first 200ms)

Response Distribution Chart (Full)

Response Distribution Graph (full)

DNS Speed testing.

DNS Speed testing.

I've often used ZoneCheck to test if DNS is set up correctly, but it doesn't give an indication of performance,
for that, I'd recommend https://www.ultratools.com/tools/dnsHostingSpeedResult - Check for "A" record response, where you should aim to get a response time of 50ms or less.

Here is a speed check of this blog, which is hosted by Google.


freenameservers.blogspot.co.uk

Name ServerAAAACNAMEMXSOAASPFSRVTXT
ns3.google.com.3830383131313139
ns4.google.com.32333233
ns2.google.com.1313131314121313
ns1.google.com.1615171616161716
Min. Time(ms)32333233
Max. Time(ms)3830383131313139
Avg. Time(ms)1715171516151617

co.uk.

ns5.nic.uk.85 ms
nsa.nic.uk.10 ms
ns4.nic.uk.87 ms
ns2.nic.uk.88 ms
ns1.nic.uk.101 ms
ns7.nic.uk.82 ms
ns6.nic.uk.88 ms
nsb.nic.uk.2 ms
nsd.nic.uk.10 ms
nsc.nic.uk.2 ms
ns3.nic.uk.80 ms
Min. Time: 2 ms  Max. Time: 101 ms  Avg. Time: 57 ms

TLD Servers

ns4.nic.uk.79 ms
ns1.nic.uk.101 ms
ns3.nic.uk.91 ms
ns2.nic.uk.86 ms
ns6.nic.uk.90 ms
nsc.nic.uk.2 ms
ns5.nic.uk.86 ms
nsa.nic.uk.10 ms
nsd.nic.uk.10 ms
nsb.nic.uk.2 ms
ns7.nic.uk.82 ms
Min. Time: 2 ms  Max. Time: 101 ms  Avg. Time: 58 ms

Root Servers

h.root-servers.net. (H3)5 ms
k.root-servers.net. (k3.linx.k.ripe.net)97 ms
a.root-servers.net. ()231 ms
c.root-servers.net. (iad1a.c.root-servers.org)2 ms
l.root-servers.net. (dnd01.l.root-servers.org)92 ms
e.root-servers.net. (e5.arc.nasa.gov)80 ms
m.root-servers.net. (M-CDG-1)85 ms
i.root-servers.net. (s1.bnx)92 ms
f.root-servers.net. (scl1a.f.root-servers.org)166 ms
d.root-servers.net. (css-d.net.umd.edu)3 ms
b.root-servers.net. (b8)65 ms
j.root-servers.net. (jluepe1-elstk2)139 ms
g.root-servers.net. (g.root-servers2.net)35 ms
Min. Time: 2 ms  Max. Time: 231 ms  Avg. Time: 84 ms

Monday 28 May 2012

.VE Domains down



As of 3 PM GMT, all Venezuelan domains (.ve) appear to have gone down. It does appear that the sole nameserver responsible for .com.ve is unresponsive:

nslookup -q=ns com.ve
Server:  my.router
Address:  192.168.1.1

ve
        primary name server = ns1.nic.ve
        responsible mail addr = hostmaster.nic.ve
        serial  = 2012052809
        refresh = 900 (15 mins)
        retry   = 300 (5 mins)
        expire  = 1296000 (15 days)
        default TTL = 3600 (1 hour)

C:\Users\Administrator>ping ns1.nic.ve
Ping request could not find host ns1.nic.ve.


Saturday 28 April 2012

Manage DNS from your iPhone or iPad



Manage DNS from your iPhone, All the features of www.freenameservers.co.uk in one app:
http://itunes.apple.com/us/app/dns-manager/id521448034

Wednesday 25 April 2012

Manage DNS from your Nokia phone

If you have a Nokia phone, then we've just developed a new App for the Nokia OVI store that allows you manage the DNS settings for your domain.






Here is the Nokia OVI store Link: http://store.ovi.com/content/272883

Friday 8 April 2011

Reverse DNS lookup using nslookup

It's easy to get the IP address from a domain name, just ping it.

C:\Users\Administrator>ping s15243155.onlinehome-server.info

Pinging s15243155.onlinehome-server.info [212.227.102.68] with 32 bytes of data

Or use nsLookup to get the A record, which does the same

C:\Users\Administrator>nslookup -q=a s15243155.onlinehome-server.info
Server: my.router
Address: 192.168.1.1

Non-authoritative answer:
Name: s15243155.onlinehome-server.info
Address: 212.227.102.68

To reverse the lookup, then you use the special "in-arpa.arpa" domain with the IP address backwards... like this

C:\Users\Administrator>nslookup -q=ptr 68.102.227.212.in-addr.arpa
Server: my.router
Address: 192.168.1.1

Non-authoritative answer:
68.102.227.212.in-addr.arpa name = s15243155.onlinehome-server.info

102.227.212.in-addr.arpa nameserver = nsa2.schlund.de
102.227.212.in-addr.arpa nameserver = nsa.schlund.de
nsa.schlund.de internet address = 195.20.224.98
nsa2.schlund.de internet address = 195.20.244.5

This really comes into play when fixing this error in ZoneCheck:

w: Reverse for the nameserver IP address doesn't match
  • ns1.xyz.net/86.xx.xx.194
To Fix this, click Start>Run>dnsmgmt.msc

Select Reverse Lookup zones, select the .in-addr.arpa.

Right Click, Select "New Pointer (PTR)", enter the first 3 digits of the IP into the "Host IP Address" and enter the nameserver domain into "Host name", then press OK