Microsoft's DNS Error Page"

untitled

untitled
Dropdown menu Menu Test

Home
Our Company

Our Knowledge Base
Our Photo Gallery
Guest Book
Feedback Form
F.A.Q.

Computer, Etc.

Products
Services

General Contracting

Products
Services
Stair Chairs

Handyman Service

Products
Services

Storage Sheds

Products

Ok.... I was doing a dns report on my websites from dnsreport.com I got curious about MICROSOFT's dns report. So I ran it. It didn't do to bad, but my favorite part is here & here. It pretty much sums up the WORLDS opinion about M$!
- simplyjd ;-}

DNS Report

DNS Report for microsoft.com

Generated by www.DNSreport.com at 15:25:08 GMT on 20 Dec 2004.

Category

Status

Test Name

Information

Parent
PASS
Missing Direct Parent check OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.

INFO
NS records at parent servers
Your NS records at the parent servers are:

ns1.msft.net. [207.46.245.230] [TTL=172800] [US] ns2.msft.net. [64.4.25.30] [TTL=172800] [US] ns3.msft.net. [213.199.144.151] [TTL=172800] [UK] ns4.msft.net. [207.46.66.75] [TTL=172800] [US] ns5.msft.net. [207.46.138.20] [TTL=172800] [US]

[These were obtained from m.gtld-servers.net]

PASS
Parent nameservers have your nameservers listed OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there, with 5 entries.

PASS
Glue at parent nameservers OK. The parent servers have glue for your nameservers. That means they send out the IP address of your nameservers, as well as their host names.

NS
INFO
NS records at your nameservers
Your NS records at your nameservers are:

ns1.msft.net. [TTL=172800] ns2.msft.net. [TTL=172800] ns3.msft.net. [TTL=172800] ns4.msft.net. [TTL=172800] ns5.msft.net. [TTL=172800]

PASS
All nameservers report identical NS records OK. The NS records at all your nameservers are identical.

PASS
All nameservers respond OK. All of your nameservers listed at the parent nameservers responded.

PASS
Nameserver name validity OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).

PASS
Number of nameservers OK. You have 5 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.

PASS
Lame nameservers OK. All the nameservers listed at the parent servers answer authoritatively for your domain.

PASS
Missing (stealth) nameservers OK. All 5 of your nameservers (as reported by your nameservers) are also listed at the parent servers.

PASS
Missing nameservers 2 OK. All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers.

PASS
No CNAMEs for domain OK. There are no CNAMEs for microsoft.com. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. Note that I only checked microsoft.com, I did not check the NS records, which should not have CNAMEs either.

PASS
No NSs with CNAMEs OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.

PASS
Nameservers on separate class C's OK. You have nameservers on different Class C (technically, /24) IP ranges. You must have nameservers at geographically and topologically dispersed locations. RFC2182 3.1 goes into more detail about secondary nameserver location.

PASS
All NS IPs public OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.

INFO
Nameservers versions Your nameservers have the following versions:

207.46.245.230: No version info available (CHAOS not implemented).
64.4.25.30: No version info available (CHAOS not implemented).
213.199.144.151: No version info available (CHAOS not implemented).
207.46.66.75: No version info available (CHAOS not implemented).
207.46.138.20: No version info available (CHAOS not implemented).

PASS
Stealth NS record leakage Your DNS servers do not leak any stealth NS records (if any) in non-NS requests.

SOA
INFO
SOA record
Your SOA record [TTL=3600] is:

Primary nameserver: dns.cp.msft.net. Hostmaster E-mail address: msnhst.microsoft.com. Serial #: 2004121705 Refresh: 300 Retry: 600 Expire: 2419200 Default TTL: 3600

PASS
NS agreement on SOA serial # OK. All your nameservers agree that your SOA serial number is 2004121705. That means that all your nameservers are using the same data (unless you have different sets of data with the same serial number, which would be very bad)! Note that the DNS Report only checks the NS records listed at the parent servers (not any stealth servers).

WARN
SOA MNAME Check WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: dns.cp.msft.net.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.

PASS
SOA RNAME Check OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: msnhst@microsoft.com. (techie note: we have changed the initial '.' to an '@' for display purposes).

PASS
SOA Serial Number OK. Your SOA serial number is: 2004121705. This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2000, you would use 2000050203. This number must be incremented every time you make a DNS change.

WARN
SOA REFRESH value WARNING: Your SOA REFRESH interval is : 300 seconds. This seems low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.

PASS
SOA RETRY value OK. Your SOA RETRY interval is : 600 seconds. This seems normal (about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.

PASS
SOA EXPIRE value OK. Your SOA EXPIRE time: 2419200 seconds. This seems normal (about 1209600 to 2419200 seconds (2-4 weeks) is good). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

PASS
SOA MINIMUM TTL value OK. Your SOA MINIMUM TTL is: 3600 seconds. This seems normal (about 3,600 to 86400 seconds or 1-24 hours is good). RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.

MX
INFO
MX Record Your 3 MX records are:
10 maila.microsoft.com. [TTL=3600] IP=131.107.3.124 [TTL=3600] [US]
IP=131.107.3.125 [TTL=3600] [US]
10 mailb.microsoft.com. [TTL=3600] IP=131.107.3.123 [TTL=3600] [US]
IP=207.46.121.51 [TTL=3600] [US]
10 mailc.microsoft.com. [TTL=3600] IP=207.46.121.53 [TTL=3600] [US]
IP=207.46.121.52 [TTL=3600] [US]

PASS
Invalid characters OK. All of your MX records appear to use valid hostnames, without any invalid characters.

PASS
All MX IPs public OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.

PASS
MX records are not CNAMEs OK. Looking up your MX record did not just return a CNAME. If an MX record query returns a CNAME, extra processing is required, and some mail servers may not be able to handle it.

PASS
MX A lookups have no CNAMEs OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3).

PASS
MX is host name, not IP OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).

PASS
Multiple MX records OK. You have multiple MX records. This means that if one is down or unreachable, the other(s) will be able to accept mail for you.

PASS
Duplicate MX records OK. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources.

PASS
Reverse DNS entries for MX records
OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the www.DNSstuff.com Reverse DNS Tool for the current data). The reverse DNS entries are:

125.3.107.131.in-addr.arpa mail1.microsoft.com. [TTL=19] (thorough check) 51.121.46.207.in-addr.arpa mail4.microsoft.com. [TTL=19] (thorough check) 52.121.46.207.in-addr.arpa mailc.microsoft.com. [TTL=19] (thorough check)

Mail
PASS
Connect to mail servers OK: I was able to connect to all of your mailservers.

PASS
Mail server host name in greeting
OK: All of your mailservers have their host name in the greeting:

mailb.microsoft.com: 220 IGS-IMC-01.northamerica.corp.microsoft.com Mon, 20 Dec 2004 07:25:09 -0800 mailc.microsoft.com: 220 IGS-IMC-03.northamerica.corp.microsoft.com Mon, 20 Dec 2004 07:25:09 -0800 maila.microsoft.com: 220 IGR-IMC-01.redmond.corp.microsoft.com Mon, 20 Dec 2004 07:25:09 -0800

PASS
Acceptance of NULL sender OK: All of your mailservers accept mail from "". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).

PASS
Acceptance of postmaster address OK: All of your mailservers accept mail to postmaster@microsoft.com (as required by RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1).

PASS
Acceptance of abuse address OK: All of your mailservers accept mail to abuse@microsoft.com.

WARN
Acceptance of domain literals
WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted.

mailb.microsoft.com's postmaster@[207.46.121.51] response: >>> RCPT TO:<postmaster@[207.46.121.51]> <<< 550 5.7.1 Unable to relay for postmaster@[207.46.121.51] mailc.microsoft.com's postmaster@[207.46.121.52] response: >>> RCPT TO:<postmaster@[207.46.121.52]> <<< 550 5.7.1 Unable to relay for postmaster@[207.46.121.52] maila.microsoft.com's postmaster@[131.107.3.125] response: >>> RCPT TO:<postmaster@[131.107.3.125]> <<< 550 5.7.1 Unable to relay for postmaster@[131.107.3.125]

PASS
Open relay test OK: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here.
mailb.microsoft.com OK: 550 5.7.1 Unable to relay for Not.abuse.see.www.DNSreport.com.from.IP.65.40.223.158@DNSreport.com
mailc.microsoft.com OK: 550 5.7.1 Unable to relay for Not.abuse.see.www.DNSreport.com.from.IP.65.40.223.158@DNSreport.com
maila.microsoft.com OK: 550 5.7.1 Unable to relay for Not.abuse.see.www.DNSreport.com.from.IP.65.40.223.158@DNSreport.com

PASS
SPF record
You have an SPF record. This is very good, as it will help prevent spammers from abusing your domain. Your SPF record is:

"v=spf1 mx redirect=_spf.microsoft.com" [TTL=3600]

WWW
INFO
WWW Record
Your www.microsoft.com A record is:

www.microsoft.com. CNAME www.microsoft.com.nsatc.net. [TTL=3600]

PASS
All WWW IPs public OK. All of your WWW IPs appear to be public IPs. If there were any private IPs, they would not be reachable, causing problems reaching your web site.

WARN
CNAME Lookup WARNING. Your web site (www.microsoft.com) has a CNAME record pointing to www.microsoft.com.nsatc.net.. That by itself is confusing, but acceptable. However, the CNAME record in this case causes an extra DNS lookup, which will slightly delay visitors to your website, and use extra bandwidth.

Legend:

Category	Status	Test Name	Information
Parent	PASS	Missing Direct Parent check	OK. Your direct parent zone exists, which is good. Some domains (usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion.
INFO	NS records at parent servers	Your NS records at the parent servers are: ns1.msft.net. [207.46.245.230] [TTL=172800] [US] ns2.msft.net. [64.4.25.30] [TTL=172800] [US] ns3.msft.net. [213.199.144.151] [TTL=172800] [UK] ns4.msft.net. [207.46.66.75] [TTL=172800] [US] ns5.msft.net. [207.46.138.20] [TTL=172800] [US] [These were obtained from m.gtld-servers.net]
PASS	Parent nameservers have your nameservers listed	OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there, with 5 entries.
PASS	Glue at parent nameservers	OK. The parent servers have glue for your nameservers. That means they send out the IP address of your nameservers, as well as their host names.

Rows with a FAIL indicate a problem that in most cases really should be fixed.
Rows with a WARN indicate a possible minor problem, which often is not worth pursuing.
Note that all information is accessed in real-time (except where noted), so this is the freshest information about your domain.

(C) Copyright 2000-2004 R. Scott Perry

untitled

Simply J.D. & Co.'s E-Community! ©®

untitled

| Simply J.D. & Co.® | Terms of Use & Service | Privacy Policy | Copyright© 2004 | All Right Reserved | Site Map | Contact Us | Donate! |

NS	INFO	NS records at your nameservers	Your NS records at your nameservers are: ns1.msft.net. [TTL=172800] ns2.msft.net. [TTL=172800] ns3.msft.net. [TTL=172800] ns4.msft.net. [TTL=172800] ns5.msft.net. [TTL=172800]
	PASS	All nameservers report identical NS records	OK. The NS records at all your nameservers are identical.
	PASS	All nameservers respond	OK. All of your nameservers listed at the parent nameservers responded.
	PASS	Nameserver name validity	OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names).
	PASS	Number of nameservers	OK. You have 5 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.
	PASS	Lame nameservers	OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
	PASS	Missing (stealth) nameservers	OK. All 5 of your nameservers (as reported by your nameservers) are also listed at the parent servers.
	PASS	Missing nameservers 2	OK. All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers.
	PASS	No CNAMEs for domain	OK. There are no CNAMEs for microsoft.com. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. Note that I only checked microsoft.com, I did not check the NS records, which should not have CNAMEs either.
	PASS	No NSs with CNAMEs	OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
	PASS	Nameservers on separate class C's	OK. You have nameservers on different Class C (technically, /24) IP ranges. You must have nameservers at geographically and topologically dispersed locations. RFC2182 3.1 goes into more detail about secondary nameserver location.
	PASS	All NS IPs public	OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays.
	INFO	Nameservers versions	Your nameservers have the following versions: 207.46.245.230: No version info available (CHAOS not implemented). 64.4.25.30: No version info available (CHAOS not implemented). 213.199.144.151: No version info available (CHAOS not implemented). 207.46.66.75: No version info available (CHAOS not implemented). 207.46.138.20: No version info available (CHAOS not implemented).
	PASS	Stealth NS record leakage	Your DNS servers do not leak any stealth NS records (if any) in non-NS requests.

SOA	INFO	SOA record	Your SOA record [TTL=3600] is: Primary nameserver: dns.cp.msft.net. Hostmaster E-mail address: msnhst.microsoft.com. Serial #: 2004121705 Refresh: 300 Retry: 600 Expire: 2419200 Default TTL: 3600
	PASS	NS agreement on SOA serial #	OK. All your nameservers agree that your SOA serial number is 2004121705. That means that all your nameservers are using the same data (unless you have different sets of data with the same serial number, which would be very bad)! Note that the DNS Report only checks the NS records listed at the parent servers (not any stealth servers).
	WARN	SOA MNAME Check	WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: dns.cp.msft.net.. However, that server is not listed at the parent servers as one of your NS records! *This is probably legal, but you should be sure that you know what you are doing*.
	PASS	SOA RNAME Check	OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: msnhst@microsoft.com. (techie note: we have changed the initial '.' to an '@' for display purposes).
	PASS	SOA Serial Number	OK. Your SOA serial number is: 2004121705. This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2000, you would use 2000050203. This number must be incremented every time you make a DNS change.
	WARN	SOA REFRESH value	WARNING: Your SOA REFRESH interval is : 300 seconds. This seems low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.
	PASS	SOA RETRY value	OK. Your SOA RETRY interval is : 600 seconds. This seems normal (about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.
	PASS	SOA EXPIRE value	OK. Your SOA EXPIRE time: 2419200 seconds. This seems normal (about 1209600 to 2419200 seconds (2-4 weeks) is good). RFC1912 recommends 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.
	PASS	SOA MINIMUM TTL value	OK. Your SOA MINIMUM TTL is: 3600 seconds. This seems normal (about 3,600 to 86400 seconds or 1-24 hours is good). RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.

MX	INFO	MX Record	Your 3 MX records are: 10 maila.microsoft.com. [TTL=3600] IP=131.107.3.124 [TTL=3600] [US] IP=131.107.3.125 [TTL=3600] [US] 10 mailb.microsoft.com. [TTL=3600] IP=131.107.3.123 [TTL=3600] [US] IP=207.46.121.51 [TTL=3600] [US] 10 mailc.microsoft.com. [TTL=3600] IP=207.46.121.53 [TTL=3600] [US] IP=207.46.121.52 [TTL=3600] [US]
	PASS	Invalid characters	OK. All of your MX records appear to use valid hostnames, without any invalid characters.
	PASS	All MX IPs public	OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail.
	PASS	MX records are not CNAMEs	OK. Looking up your MX record did not just return a CNAME. If an MX record query returns a CNAME, extra processing is required, and some mail servers may not be able to handle it.
	PASS	MX A lookups have no CNAMEs	OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3).
	PASS	MX is host name, not IP	OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records).
	PASS	Multiple MX records	OK. You have multiple MX records. This means that if one is down or unreachable, the other(s) will be able to accept mail for you.
	PASS	Duplicate MX records	OK. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources.
	PASS	Reverse DNS entries for MX records	OK. The IPs of all of your mail server(s) have reverse DNS (PTR) entries. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. Note that this information is cached, so if you changed it recently, it will not be reflected here (see the www.DNSstuff.com Reverse DNS Tool for the current data). The reverse DNS entries are: 125.3.107.131.in-addr.arpa mail1.microsoft.com. [TTL=19] (thorough check) 51.121.46.207.in-addr.arpa mail4.microsoft.com. [TTL=19] (thorough check) 52.121.46.207.in-addr.arpa mailc.microsoft.com. [TTL=19] (thorough check)

Mail	PASS	Connect to mail servers	OK: I was able to connect to all of your mailservers.
	PASS	Mail server host name in greeting	OK: All of your mailservers have their host name in the greeting: mailb.microsoft.com: 220 IGS-IMC-01.northamerica.corp.microsoft.com Mon, 20 Dec 2004 07:25:09 -0800 mailc.microsoft.com: 220 IGS-IMC-03.northamerica.corp.microsoft.com Mon, 20 Dec 2004 07:25:09 -0800 maila.microsoft.com: 220 IGR-IMC-01.redmond.corp.microsoft.com Mon, 20 Dec 2004 07:25:09 -0800
	PASS	Acceptance of NULL sender	OK: All of your mailservers accept mail from "". You are required (RFC1123 5.2.9) to receive this type of mail (which includes reject/bounce messages and return receipts).
	PASS	Acceptance of postmaster address	OK: All of your mailservers accept mail to postmaster@microsoft.com (as required by RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1).
	PASS	Acceptance of abuse address	OK: All of your mailservers accept mail to abuse@microsoft.com.
	WARN	Acceptance of domain literals	WARN: One or more of your mailservers does not accept mail in the domain literal format (user@[0.0.0.0]). Mailservers are technically required RFC1123 5.2.17 to accept mail to domain literals for any of its IP addresses. Not accepting domain literals can make it more difficult to test your mailserver, and can prevent you from receiving E-mail from people reporting problems with your mailserver. However, it is unlikely that any problems will occur if the domain literals are not accepted. mailb.microsoft.com's postmaster@[207.46.121.51] response: >>> RCPT TO:<postmaster@[207.46.121.51]> <<< 550 5.7.1 Unable to relay for postmaster@[207.46.121.51] mailc.microsoft.com's postmaster@[207.46.121.52] response: >>> RCPT TO:<postmaster@[207.46.121.52]> <<< 550 5.7.1 Unable to relay for postmaster@[207.46.121.52] maila.microsoft.com's postmaster@[131.107.3.125] response: >>> RCPT TO:<postmaster@[131.107.3.125]> <<< 550 5.7.1 Unable to relay for postmaster@[131.107.3.125]
	PASS	Open relay test	OK: All of your mailservers appear to be closed to relaying. This is not a thorough check, you can get a thorough one here. mailb.microsoft.com OK: 550 5.7.1 Unable to relay for Not.abuse.see.www.DNSreport.com.from.IP.65.40.223.158@DNSreport.com mailc.microsoft.com OK: 550 5.7.1 Unable to relay for Not.abuse.see.www.DNSreport.com.from.IP.65.40.223.158@DNSreport.com maila.microsoft.com OK: 550 5.7.1 Unable to relay for Not.abuse.see.www.DNSreport.com.from.IP.65.40.223.158@DNSreport.com
	PASS	SPF record	You have an SPF record. This is very good, as it will help prevent spammers from abusing your domain. Your SPF record is: "v=spf1 mx redirect=_spf.microsoft.com" [TTL=3600]