Input a domain name (example: godaddy.com) and click "Run Report" button.
DNS report for antena3.ro
- Parent Section
- NS Section ( 3 warns )
- SOA Section ( 1 warns )
- MX Section ( 1 warns )
- Mail Section ( 2 warns )
- Web Section
| Parent | Status | Message |
|---|---|---|
| NS Records at Parent Servers | pass | OK. We have successfully fetched domain's NS records from parent nameserver (ns-ext.isc.org). Domain NS records:
|
| Missing Glue | pass | OK. Parent nameservers are offering glue for domain's nameservers. We received nameservers list and it's IP addresses from parent nameserver (ns-ext.isc.org). No extra lookup will be necessary to retrieve nameserver's IP addresses. |
| DNS Servers Have A Records | pass | OK. Found A records for all nameservers. To reach your nameservers an A record is needed for each nameserver. |
| NS | Status | Message |
| Check NS Records | pass | OK. Your nameservers returned 3 NS records:
|
| All Nameservers Responded | pass | OK. All your nameservers responded. We queried domain's records from all of your nameservers and we received them successfully. |
| Glue Missmatch | pass | OK. No differences found. The glue provided by your parent servers should match the glue provided by your nameserves. |
| Allow Recursive Queries | pass | OK. Domain nameservers are not allowing recursive queries. On all nameservers which acts as caching nameservers recursive queries should be restricted to local networks. Having open DNS servers can lead to abuses such as cache poisoning and DOS (denial of service) attacks. |
| Check Nameservers Count | pass | OK. Domain has 3 nameservers. Recommended number, between 2 and 7 nameservers (RFC 2182 recommends to have at least 3 authoritative nameservers for domains). |
| Identical NS Records | pass | OK. All your nameservers reported identical NS records. Each nameserver should return identical NS records. |
| Check for Lame Nameservers | pass | OK. No lame nameservers found. All of your nameservers are configured to be either master or slave for your domain. |
| Check All IPs are Public | pass | OK. No private IPs found. Nameservers using private IPs can't be reached from the Internet causing DNS delays. |
| Nameservers Have A Records | pass | OK. Found A records for all nameservers. To reach your nameservers an A record is needed for each nameserver. |
| Nameservers Have Valid Names | pass | OK. All names are valid. Nameserver name should be a valid host name, no partial name or IP address. |
| Check for Stealth Nameservers | warn | WARNING:
Found stealth nameservers:
|
| Check for Missing Nameservers | pass | OK. No missing nameservers found. All nameservers returned by the parent nameservers should have an NS record at your nameservers. |
| No CNAME in NS Records | pass | OK. No CNAMEs found in NS records. RFC 1034 section 3.6.2 says if a name appears in the right-hand side of RR (Resource Record) it should not appear in the left-hand name of CNAME RR, thus CNAME records should not be used with NS and MX records. Despite this restriction, there are many working configuration using CNAME with NS and MX records. |
| Allow TCP connections | pass | OK. All nameservers are allowing TCP connections. When response to a DNS query exceeds 512 bytes, TCP is negotiated and used, all nameservers should allow TCP connections (port 53). |
| Nameservers on Separate Networks | warn | WARNING:
Found nameservers located on the same C class networks:
|
| Nameservers Versions | warn | WARNING:
Nameservers software versions are exposed:
Consult your nameserver's software documentation how to hide version, if you are using Bind set version option:
options {
version "unknown";
};
|
| SOA | Status | Message |
| Check SOA Record | pass | OK. Domain SOA Record:
|
| Nameservers Agreement on Serial Number | pass | OK. All nameservers (3) have the same serial number [2011102501]. Having different serials on your nameservers may show inconsistencies between nameservers configuration (multiple masters), or communication errors (ACL and firewall issues). |
| SOA Number Format | pass | OK. Serial number format OK [2011102501]. Your serial number is following general convention for serial number YYYYMMDDnn, where YYYY is four-digit year number, MM is the month, DD is the day and nn is the sequence number in case zone file is updated more than once per day. |
| SOA Rname | pass | OK. Contact email for DNS problems is webmaster@antena3.ro (webmaster.antena3.ro). RNAME field defines an administrative email for your zone. RFC2142 recommends using hostmaster e-mail for this purpose, but any valid e-mail address can be used. |
| SOA Mname | pass | OK. Primary nameserver is nsa.antena3.ro and is listed at the parent nameservers. The MNAME field defines the Primary Master nameserver for the zone, this nameserver should be found in your NS records. |
| SOA Refresh | pass | OK. Refresh interval is 10800. Recommended values [1200 .. 43200] (20 min ... 12 hours). Refresh field from SOA record determines how quickly zone changes are propagated from master to slave. |
| SOA Retry | pass | OK. Retry interval is 3600. Recommended values [120 .. 7200] (2 minutes .. 2 hours). Retry field from SOA record defines how often slave should retry contacting master if connection to master failed during refresh. |
| SOA Expire | warn | WARNING: Expire interval is 86400. Recommended values [604800 .. 1209600] (1 week ... 2 weeks). Expiry defines zone expiration time in seconds after which slave must re-validate zone file, if contacting master fails then slave will stop responding to any queries. |
| SOA Minimum TTL | pass | OK. Minimum TTL value is 10800. Recommended values [3600 .. 86400] (1 hour ... 1 day). Expiry defines zone expiration time in seconds after which slave must re-validate zone file, if contacting master fails then slave will stop responding to any queries. |
| MX | Status | Message |
| Check MX Records | pass | OK. Your nameservers returned 1 MX records.
Domain MX records:
|
| Reverse Entries for MX records | pass | OK. All MX records have reverse DNS entries. All mail servers should have a reverse DNS (PTR) entry for each IP address (RFC 1912). Missing reverse DNS entries will make many mailservers to reject your e-mails or mark them as SPAM. |
| Check MX Records for Invalid Chars | pass | OK. No invalid characters found. Name field from MX records should be a valid host name. |
| Check MX Records IPs are Public | pass | OK. No private IPs found. Mailservers using private IPs can't be reached from the Internet causing mail delivery delays. |
| Check MX Records for Duplicates | pass | OK. No MX records duplicates (same IP addresses) found. Although technically valid, duplicate MX records have no benefits and can cause confusion. |
| Check for Multiple MX Records | warn | WARNING: Domain has only one MX record. Domains should have at least 2 mailservers, if the primary mailserver is unreachable the secondary will continue to receive domain's e-mails. Although many mailservers will retry to send e-mails up to 3 days, there is a chance that server administrators lowered this interval to a few hours and you may end up loosing your e-mails. |
| Only Host Names in MX Records | pass | OK. No IPs found in MX records. IP addresses are not allowed in MX records, only host names. |
| No CNAME in MX Records | pass | OK. No CNAMEs found in MX records. RFC 1034 section 3.6.2 says if a name appears in the right-hand side of RR (Resource Record) it should not appear in the left-hand name of CNAME RR, thus CNAME records should not be used with NS and MX records. Despite this restriction, there are many working configuration using CNAME with NS and MX records. |
| Reverse DNS Entries Resolves | pass | OK. All reverse DNS entries resolves. All IP's reverse DNS entries should resolve back to IP address (MX record's name -> IP -> IP Reverse -> IP). Many mailservers are configured to reject e-mails from IPs with inconsistent reverse DNS configuration. |
| RBL Check | pass | OK. Mailservers IPs are not blacklisted. Checks are made against zen.spamhaus.org and information is cached. |
| Check Google Apps Settings | pass | OK. Test ignored, domain is not using Google Apps. |
| Status | Message | |
| Connect to Mailservers | pass | OK. Successfully connected to all mailservers (1). To receive e-mails, mailservers should allow TCP connections on port 25. |
| Check SMTP Greeting | warn | WARNING:
The following mailservers don't have their host name in greetings:
|
| Accepts Postmaster Address | pass | OK. All mailservers accepts e-mails to postmaster@antena3.ro address.
|
| Accepts Abuse Address | pass | OK. All mailservers accepts e-mails to abuse@antena3.ro address:
|
| Open Relay Check | pass | OK. Mailservers are not open mail relays.
|
| Check SPF Record | warn | WARNING: Domain doesn't have SPF record. SPF (Sender Policy Framework) record is designed to prevent e-mail SPAM. Typical SPF record would be : v=spf1 a mx ~all or v=spf1 a mx include:_spf.google.com ~all if you are using Google Apps. |
| Web | Status | Message |
| Resolve Domain Name | pass | OK. Domain antena3.ro resolves to:
|
| Domain Name IPs are Public | pass | OK. No private IPs found for antena3.ro. Webservers using private IPs can't be reached from the Internet. |
| Resolve Domain WWW | pass | OK. Domain www.antena3.ro resolves to:
|
| Domain Name IPs are Public | pass | OK. No private IPs found for www.antena3.ro. Webservers using private IPs can't be reached from the Internet. |
Summary
A+
Score 10.0/10
- 42 Passed tests
- 7 Warnings
- 0 Problems that should be fixed
- nsb.antena3.ro
- nsc.antena3.ro
- nsa.antena3.ro
- mail.antena3.ro
-
89.36.27.40
Share