11/09/2007

各大网站域名服务器测评

Sina、sohu、tom、163、baidu、google域名服务器测评

 

http://www.dnsstuff.com/tools/dnsreport.ch?domain=sina.com.cn

 

Parent 

INFO NS records at parent serversYour NS records at the parent servers are:

ns2.sina.com.cn. [61.172.201.254 ] [TTL=21600] [CN]
ns3.sina.com.cn . [202.108.44.55] [TTL=21600] [CN]
ns1.sina.com.cn. [202.106.184.166] [TTL=21600] [CN]
[These were obtained from cns.cernet.net]

 

NS  INFO  Nameservers versions   Your nameservers have the following versions:

    61.172.201.254: No version info available (refused).
    202.108.44.55: No version info available (refused).
    202.106.184.166: No version info available (refused).

 

SOA 

WARN  SOA Serial NumberWARNING: Your SOA serial number is: 5. That is OK, but the recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2006, you would use 2006050203. This number must be incremented every time you make a DNS change.

WARN  SOA MINIMUM TTL valueWARNING: Your SOA MINIMUM TTL is : 600 seconds. This seems low (unless you are just about to update your DNS). You should consider increasing this value to somewhere between 3600 and 10800. RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.

 

规范等级:中

 

  Sina.com

http://www.dnsstuff.com/tools/dnsreport.ch?domain=sina.com

 

 

Parent

 INFO    NS records at parent serversYour NS records at the parent servers are:

     ns1.sina.com.cn. [ 202.106.184.166 (NO GLUE)] [CN]
     ns2.sina.com.cn. [61.172.201.254 (NO GLUE)] [CN]
     ns3.sina.com.cn. [202.108.44.55 (NO GLUE)] [CN]
      [These were obtained from l.gtld-servers.net]

WARN  Glue at parent nameservers

WARNING. The parent servers (I checked with l.gtld-servers.net.) are not providing glue for all your nameservers. This means that they are supplying the NS records ( host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of " ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.

 

NS

WARN  Nameservers on separate class C's

WARNING: We cannot test to see if your nameservers are all on the same Class C (technically, /24) range, because the root servers are not sending glue. We plan to add such a test later, but today you will have to manually check to make sure that they are on separate Class C ranges. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.

 

INFO     Nameservers versionsYour nameservers have the following versions:

               202.106.184.166: No version info available (refused).
               61.172.201.254 : No version info available (refused).
               202.108.44.55: No version info available (refused).   

 

WARN   Nameservers on separate class C's

 

WARNING: We cannot test to see if your nameservers are all on the same Class C (technically, /24) range, because the root servers are not sending glue. We plan to add such a test later, but today you will have to manually check to make sure that they are on separate Class C ranges. Your nameservers should be at geographically dispersed locations. You should not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary nameserver location.

 

SOA  WARN   SOA MNAME Check

WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: sina.com. . However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.         

WARN   SOA REFRESH value

WARNING: Your SOA REFRESH interval is : 900 seconds. This seems low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.

WARN   SOA MINIMUM TTL value

WARNING: Your SOA MINIMUM TTL is : 300 seconds. This seems low (unless you are just about to update your DNS). You should consider increasing this value to somewhere between 3600 and 10800. RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.

 

  规范等级:低

 

 

2、  sohu.com

 

http://www.dnsstuff.com/tools/dnsreport.ch?domain=sohu.com

 

Parent

INFONS records at parent serversYour NS records at the parent servers are:

dns.sohu.com. [61.135.131.86] [TTL=172800] [CN]
ns1.sohu.com. [61.135.131.1] [TTL=172800] [CN]
ns3.sohu.com. [220.181.26.168] [TTL=172800] [CN]
[These were obtained from a.gtld-servers.net]

NS   

WARN  Single Point of Failure

WARNING: Although you have at least 2 NS records, and they appear to point to different physical servers, it appears that they block the ICMP packets used as part of our test, which means that they may share the same firewall. If they share the same firewall, this results in a single point of failure, which could cause all your DNS servers to be unreachable.

 

INFO   Nameservers versionsYour nameservers have the following versions:

61.135.131.86: " "
61.135.131.1: " "
220.181.26.168: " "

SOA

FAILSOA MINIMUM TTL value

WARNING: Your SOA MINIMUM TTL is : 60 seconds. This seems very low (unless you are just about to update your DNS). You should consider increasing this value to somewhere between 3600 and 10800. RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.

  规范等级:高

 

 

3163.com

http://www.dnsstuff.com/tools/dnsreport.ch?domain=163.com

 

Parent

INFO  NS records at parent serversYour NS records at the parent servers are:

ns.nease.net. [202.106.185.75] [TTL=172800] [CN]
ns3.nease.net. [220.181.28.3] [TTL=172800] [CN]
[These were obtained from a.gtld-servers.net ]

 

NS

INFO  Nameservers versions  Your nameservers have the following versions:

    202.106.185.75: "9.2.3"
    220.181.28.3: "9.2.3"

 

SOA

FAILNS agreement on SOA Serial #

ERROR: Your nameservers disagree as to which version of your DNS is the latest (20011937 versus 20011938). This is OK if you have just made a change recently, and your secondary DNS servers haven't yet received the new information from the master. I will continue the report, assuming that 20011938 is the correct serial #. The serial numbers reported by each DNS server are:
202.106.185.75: 20011938
220.181.28.3: 20011937

 

WARN  SOA Serial Number

WARNING: Your SOA serial number is: 20011938. That is OK, but the recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2006, you would use 2006050203. This number must be incremented every time you make a DNS change.

 

 规范等级:中

 

nease.net

http://www.dnsstuff.com/tools/dnsreport.ch?domain=nease.net

 

Parent

INFO  NS records at parent serversYour NS records at the parent servers are:

       ns.nease.net. [202.106.185.75] [TTL=172800] [CN]
       ns3.nease.net. [220.181.28.3] [TTL=172800] [CN]
[These were obtained from j.gtld-servers.net]

 

 

NS

INFO  Nameservers versions   Your nameservers have the following versions:

     202.106.185.75: "9.2.3"
     220.181.28.3: "9.2.3"

 

SOA

WARN    SOA Serial Number

WARNING: Your SOA serial number is: 991160. That is OK, but the recommended format (per RFC1912 2.2) is YYYYMMDDnn, where 'nn' is the revision. For example, if you are making the 3rd change on 02 May 2006, you would use 2006050203. This number must be incremented every time you make a DNS change.

 

WARN    SOA EXPIRE value

WARNING: Your SOA EXPIRE time is : 3600000 seconds. This seems a bit high. You should consider decreasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

 

 

规范等级:中

 

4、  tom.com

http://www.dnsstuff.com/tools/dnsreport.ch?domain=tom.com

 

Parent

   INFO  NS records at parent serversYour NS records at the parent servers are:

     brown.hutchcity.com. [202.45.84.67] [TTL=172800] [HK]
     edns.wyith.net. [202.181.240.44] [TTL=172800] [HK]
     ns1.tom.com. [61.135.159.46] [TTL=172800] [CN]
     ns2.tom.com. [61.135.159.47] [TTL=172800] [CN]
[These were obtained from f.gtld-servers.net ]

 

NS

 

FAILOpen DNS servers

ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server 202.45.84.67 reports that it will do recursive lookups. [ test] Server 202.181.240.44 reports that it will do recursive lookups. [ test] Server 61.135.159.46 reports that it will do recursive lookups. [ test] Server 61.135.159.47 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers.

 

FAIL   Lame nameservers

ERROR: You have one or more lame nameservers. These are nameservers that do NOT answer authoritatively for your domain. This is bad; for example, these nameservers may never get updated. The following nameservers are lame:
202.45.84.67

 

FAIL   Missing nameservers 2

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
brown.hutchcity.com.
edns.wyith.net.

WARN  All nameservers report identical NS records

WARNING: Your nameservers report somewhat different answers for your NS records (varying TTL, for example).

 

INFO   Nameservers versions   Your nameservers have the following versions:

         202.45.84.67: "8.3.4-REL"
         202.181.240.44: "4.9.6-REL"

         61.135.159.46: "TOM.COM DNS Server 2.00"
         61.135.159.47 : "TOM.COM DNS Server 2.00"

 

 

规范等级:低

 

 

 

5qq.com

http://www.dnsstuff.com/tools/dnsreport.ch?domain=qq.com

 

Parent

INFO  NS records at parent serversYour NS records at the parent servers are:

dns1.imok.net. [219.133.40.202] [TTL=172800] [CN]
dns2.imok.net. [61.152.100.5] [TTL=172800] [CN]
[These were obtained from e.gtld-servers.net ]

 

NS

  WARN  Single Point of Failure

WARNING: Although you have at least 2 NS records, there is a chance that they may both point to the same server (one of our two tests shows them being different, the other is unsure; it appears that there are one or more firewall(s) that intercept and alter DNS packets (some versions of Linux reportedly have a built-in firewall that does this, too)), which would result in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

 

INFO   Nameservers versions    Your nameservers have the following versions:

       219.133.40.202: "9.3.2"
       61.152.100.5: "9.3.0rc4"

 

 

SOA

 

WARN  SOA MNAME Check

WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: qq.com.. However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.

WARN  SOA REFRESH value

WARNING: Your SOA REFRESH interval is : 300 seconds. This seems low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.

WARN  SOA EXPIRE value

WARNING: Your SOA EXPIRE time is : 86400 seconds. This seems a bit low. You should consider increasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

 

规范等级:低

 

Imok.net

http://www.dnsstuff.com/tools/dnsreport.ch?domain=imok.net

 

Parent

INFO   NS records at parent serversYour NS records at the parent servers are:

dns1.imok.net. [219.133.40.202] [TTL=172800] [CN]
dns2.imok.net. [61.152.100.5] [TTL=172800] [CN]
[These were obtained from j.gtld-servers.net ]

 

NS

  WARN  Single Point of Failure

WARNING: Although you have at least 2 NS records, there is a chance that they may both point to the same server (one of our two tests shows them being different, the other is unsure; it appears that there are one or more firewall(s) that intercept and alter DNS packets (some versions of Linux reportedly have a built-in firewall that does this, too)), which would result in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

 

INFO   Nameservers versions   Your nameservers have the following versions:

          219.133.40.202: "9.3.2"
          61.152.100.5: "9.3.0rc4"

 

SOA

 

WARN   SOA MNAME Check

WARNING: Your SOA (Start of Authority) record states that your master (primary) name server is: imok.net. . However, that server is not listed at the parent servers as one of your NS records! This is probably legal, but you should be sure that you know what you are doing.

 

WARN   SOA REFRESH value

WARNING: Your SOA REFRESH interval is : 360 seconds. This seems low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.

WARN   SOA EXPIRE value

WARNING: Your SOA EXPIRE time is : 3600000 seconds. This seems a bit high. You should consider decreasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

 

规范等级:低

 

 

6、  baidu.com

http://www.dnsstuff.com/tools/dnsreport.ch?domain=baidu.com

 

Parent

INFONS records at parent serversYour NS records at the parent servers are:

dns.baidu.com. [202.108.250.228] [TTL=172800] [CN]
ns2.baidu.com. [202.108.249.147] [TTL=172800] [CN]
ns3.baidu.com. [220.181.27.61] [TTL=172800] [CN]
ns4.baidu.com. [220.181.27.62] [TTL=172800] [CN]
[These were obtained from m.gtld-servers.net]

 

NS

FAIL Missing (stealth) nameservers

FAIL: You have one or more missing (stealth) nameservers. The following nameserver(s) are listed (at your nameservers) as nameservers for your domain, but are not listed at the parent nameservers (therefore, they may or may not get used, depending on whether your DNS servers return them in the authority section for other requests, per RFC2181 5.4.1). You need to make sure that these stealth nameservers are working; if they are not responding, you may have serious problems! The DNS Report will not query these servers, so you need to be very careful that they are working properly.

ns1.baidu.com.
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

 

WARN   TCP Allowed

WARNING: One or more of your DNS servers does not accept TCP connections. Although rarely used, TCP connections are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems. The problem servers are:

    202.108.249.147: Error [No response to TCP packets].

220.181.27.61: Error [No response to TCP packets]. 220.181.27.62: Error [No response to TCP packets].

WARN   Single Point of Failure

WARNING: Although you have at least 2 NS records, there is a chance that they may both point to the same server (one of our two tests shows them being different, the other is unsure; it appears that there are one or more firewall(s) that intercept and alter DNS packets (some versions of Linux reportedly have a built-in firewall that does this, too)), which would result in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.

INFO  Nameservers versions     Your nameservers have the following versions:

         202.108.250.228: "diy by bind"
         202.108.249.147: "9.2.1 "
         220.181.27.61: "9.2.1"
         220.181.27.62: "9.2.1"

FAIL  Stealth NS record leakage

Your DNS servers leak stealth information in non-NS requests:
Stealth nameservers are leaked [ns1.baidu.com.]!

This can cause some serious problems (especially if there is a TTL discrepancy). If you must have stealth NS records (NS records listed at the authoritative DNS servers, but not the parent DNS servers), you should make sure that your DNS server does not leak the stealth NS records in response to other queries.

 

 

 

SOA

WARN   SOA REFRESH value

WARNING: Your SOA REFRESH interval is : 300 seconds. This seems low. You should consider increasing this value to about 3600-7200 seconds. RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours). A value that is too low will unncessarily increase Internet traffic.

WARN   SOA EXPIRE value

WARNING: Your SOA EXPIRE time is : 2592000 seconds. This seems a bit high. You should consider decreasing this value to about 1209600 to 2419200 seconds (2 to 4 weeks). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

 

规范等级:中

 

7、  google.com

http://www.dnsstuff.com/tools/dnsreport.ch?domain=google.com

 

Parent

   INFO   NS records at parent servers  Your NS records at the parent servers are:

   ns1.google.com. [216.239.32.10] [TTL=172800] [US]
   ns2.google.com. [216.239.34.10 ] [TTL=172800] [US]
   ns3.google.com. [ 216.239.36.10] [TTL=172800] [US]
   ns4.google.com . [216.239.38.10] [TTL=172800] [US]
[These were obtained from k.gtld-servers.net]

 

NS

  INFO  Nameservers versions   Your nameservers have the following versions:

   216.239.32.10: No version info available (refused).
   216.239.34.10: No version info available (refused).
   216.239.36.10: No version info available (refused).
   216.239.38.10: No version info available (refused).

SOA

   FAILSOA MINIMUM TTL value

WARNING: Your SOA MINIMUM TTL is : 60 seconds. This seems very low (unless you are just about to update your DNS). You should consider increasing this value to somewhere between 3600 and 10800. RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.

规范等级:中

免责声明

1、本人是文盲,以上内容文字均不认识,也看不懂是什么意思(包括但不限于对所以上之内容的识别、阅读、理解、分析、记忆等);

2、本人过去、现在以及将来都不认识本文中提及当事人,且自古以来与该相对人无利益关系;

3、本人昨天、今天以及明天都没有或者不准备去本文所述地点。本文表述之事与本人无关。

4、本人在此发文(包括但不限于汉字、拼音、拉丁字母、斯拉夫字母、日语假名、阿拉伯字母、单词、句子、图片、影像、录音、以及前述之各种任意组合等等)均为随意敲击键盘所出,用于检验本人电脑键盘录入、屏幕显示的机械、光电性能,并不代表本人局部或全部同意、支持或者反对文中观点。如需要详查请直接与键盘发明者及生产厂商法人代表联系;

5、人生有风险,上网需谨慎。本文不暗示、鼓励、支持或映射读者作出生活方式、工作态度、婚姻交友、股票债券买卖、子女教育的积极或消极判断。未成年人请在监护人陪同下阅读本文。无完全民事行为能力者,请立即关闭网页,并用20%高锰酸钾+75%乙醇对键盘、硬盘、电压插座、显示器、鼠标、cpu进行灌溉消毒;

6、如本人留言违反国家有关法律,请网络管理员及时删除本文,本人保留继续发文的权利;

7、因删贴不及时所产生的任何法律(包括宪法、加法、减法、乘法、除法、剑法、拳法、脚法、指法、民法、刑法、书法、公检法、基本法、劳动法、婚姻法、输入法、没办法、国际法、今日说法、吸星大法及文中涉及或可能涉及以及未涉及之法,各地治安管理条例)纠纷或责任本人概不负责;

8、本人谢绝任何跨省(包括但不限于跨国、跨洲、跨星球、跨星系)追捕行为。确因不抓不足以平民愤,或不抓就领不到薪水养家户口的公职人员,建议携带工作证、身份证、结婚证/离婚证、独生子女证、健康证、暂住证、毕业证、边防证、县以上政府机关出具的介绍信温情操作。抓捕按照以下排序倒序:作者、原作者以及网络管理员以及网络运行商、电信运营商、电力供应商、电脑生产销售商.