Results for checks on dnsoke.com

Results for checks on dnsoke.com

Category Test name   Informations
Parent Parent Zone The calculated parent zone for your domain is com.
Parent NS records The parent zone DNS server a.gtld-servers.net. says that your DNS are:
ns1.dnsoke.com. [Glue: 199.195.142.53] [TTL: 172800]
ns2.dnsoke.com. [Glue: 117.103.67.12] [TTL: 172800]
ns3.dnsoke.com. [Glue: 199.83.103.118] [TTL: 172800]
ns4.dnsoke.com. [Glue: 109.123.123.138] [TTL: 172800]
TLD Parent Check Good. a.gtld-servers.net., the parent server I asked for, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check.
Your nameservers are listed Good. The parent server a.gtld-servers.net. has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers.
Parent sent glue Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of all of your nameservers. Glue records are A records that are associated with NS records to provide bootstrapping information to the nameserver.(see RFC 1912 section 2.3).
DNS servers have A records All your DNS servers have A records at the zone parent servers. A records are required for your hostnames to ensure that other DNS servers can reach your DNS servers.
NS Your NS records Your DNS servers return the following NS records:
ns1.dnsoke.com.:
ns2.dnsoke.com. [IP: 117.103.67.12] [TTL: 86400]
ns1.dnsoke.com. [IP: 199.195.142.53] [TTL: 86400]
ns3.dnsoke.com. [IP: 199.83.103.118] [TTL: 86400]
ns4.dnsoke.com. [IP: 109.123.123.138] [TTL: 86400]
ns2.dnsoke.com.:
ns1.dnsoke.com. [IP: 199.195.142.53] [TTL: 86400]
ns3.dnsoke.com. [IP: 199.83.103.118] [TTL: 86400]
ns2.dnsoke.com. [IP: 117.103.67.12] [TTL: 86400]
ns4.dnsoke.com. [IP: 109.123.123.138] [TTL: 86400]
ns3.dnsoke.com.:
ns2.dnsoke.com. [IP: 117.103.67.12] [TTL: 86400]
ns4.dnsoke.com. [IP: 109.123.123.138] [TTL: 86400]
ns1.dnsoke.com. [IP: 199.195.142.53] [TTL: 86400]
ns3.dnsoke.com. [IP: 199.83.103.118] [TTL: 86400]
ns4.dnsoke.com.:
ns2.dnsoke.com. [IP: 117.103.67.12] [TTL: 86400]
ns4.dnsoke.com. [IP: 109.123.123.138] [TTL: 86400]
ns1.dnsoke.com. [IP: 199.195.142.53] [TTL: 86400]
ns3.dnsoke.com. [IP: 199.83.103.118] [TTL: 86400]
Open DNS servers All of your nameservers don't accept recursive queries. This is very good, since can cause problems (anyone could use them) and can cause Denial of Service attacks.
Mismatched glue All the glues sent by parent zone name servers are identical to the A records present in your DNS servers.
NS A records at nameservers Your nameservers do include A records when they are asked for your NS records. This ensures that your DNS servers know the A records of all your NS records.
All nameservers report identical NS records The NS records at all your nameservers are identical.
All nameservers respond All of your nameservers listed at the parent nameservers responded.
Nameserver name validity All of the NS records that your nameservers report seem valid hostnames.
Number of nameservers You have 4 nameservers. You must have at least 2 nameservers and no more than 7.
Lame nameservers All the nameservers listed at the parent servers answer authoritatively for your domain.
Missing (stealth) nameservers All of your nameservers are listed at the parent zone servers.
Missing (stealth) nameservers 2 All of the nameservers listed at the parent zone nameservers are listed as NS records at your nameservers.
No CNAMEs for domain There are no CNAMEs for dnsoke.com.. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present.
Nameservers on separate class C's You have nameservers on different Class C IP ranges. This is a must if you want to be found in the case of outage, or even worst, problems!
All NS IPs public All of your NS records appear to use public IPs.
TCP Allowed All your DNS servers allow TCP connections. TCP connections are occasionally used instead of UDP connections and can be blocked by firewalls. This can cause hard-to-diagnose problems.
SOA Your SOA records Your DNS servers return the following SOA records:
ns1.dnsoke.com.:
ns1.dnsoke.com. root.seattle2.serverspeedy.com. 2009082625 86400 7200 3600000 86400. [TTL: 86400]
ns2.dnsoke.com.:
ns1.dnsoke.com. root.seattle2.serverspeedy.com. 2009082625 86400 7200 3600000 86400. [TTL: 86400]
ns3.dnsoke.com.:
ns1.dnsoke.com. root.seattle2.serverspeedy.com. 2009082625 86400 7200 3600000 86400. [TTL: 86400]
ns4.dnsoke.com.:
ns1.dnsoke.com. root.seattle2.serverspeedy.com. 2009082625 86400 7200 3600000 86400. [TTL: 86400]
All same SOA All your nameserver respond with the same SOA record, wich is a great thing! The SOA record is:
Primary nameserver: ns1.dnsoke.com.
Hostmaster E-mail address: root.seattle2.serverspeedy.com.
Serial Number: 2009082625
Refresh: 86400
Retry: 7200
Expire: 3600000
Default TTL: 86400.
Same Serial Number All your nameservers agree that your SOA serial number is 2009082625. That means that all your nameservers are using the same identifier for the datas.
SOA Primary NS All your nameservers indicate ns1.dnsoke.com. as your primary nameserver, which is listed in the parent zone nameserver.
Hostmaster Email All your nameservers state that your hostmaster E-Mail address is root.seattle2.serverspeedy.com..
Serial Format Your SOA serial number is 2009082625. It appears to be in the format of YYYYMMDDnn (recommended), where 'nn' is the revision. Your DNS was last updated on 26 August 2009 and was revision 25.
REFRESH The SOA REFRESH value determines how often secondary nameservers check with the master nameserver for updates.Your SOA REFRESH value is 86400 seconds which is very high (about 3600-7200 seconds is good althought RFC1912 2.2 recommends a value between 1200 to 43200 seconds).
RETRY The retry value is the amount of time your secondary nameservers will wait to contact the master nameserver again if the last attempt failed.Your SOA RETRY interval is 7200 seconds and it seems normal (120-7200 seconds is ok).
EXPIRE The expire value is how long a secondary nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver. Your SOA EXPIRE value is 3600000 seconds which is very high (as suggested by RFC1912 a value between 1209600 to 2419200 seconds is good).
Default TTL The SOA DEFAULT TTL is used for negative caching, meaning that all the queries that don't have a valid response are cached for this amount of seconds. Your SOA DEFAULT TTL is: 86400 seconds and is normal (as suggested by RFC2308 a value between 3600 and 86400 seconds is ok).
MX Your MX records Your DNS servers return the following MX records:
ns1.dnsoke.com.:
10 dnsoke.com. [IP: 216.239.38.21] [TTL: 14400]
ns2.dnsoke.com.:
10 dnsoke.com. [IP: 216.239.34.21] [TTL: 14400]
ns3.dnsoke.com.:
10 dnsoke.com. [IP: 216.239.38.21] [TTL: 14400]
ns4.dnsoke.com.:
10 dnsoke.com. [IP: 216.239.34.21] [TTL: 14400]
Multiple MX records I found that you have only one MX record. If this mail server goes down this can cause mail delivery delays or even mail loss. This acceptable but consider increasing the number of your MXs.
Invalid characters It seems that all of your MX records use valid hostnames, without any invalid characters.
All MX IPs public All of your MX records appear to use public IPs.
MX records are not CNAMEs None of the lookups of your MX records did return CNAMEs.
MX A lookups have no CNAMEs Looking up for the A records of your MX servers i did not detect problems.
MX is host name, not IP All the MX records retrieved are host names. Using IP addresses in MX records is notallowed.
Differing MX-A records I have searched for differing IPs for your MX records between what are declaring your NS and the authoritative NS for the MX records. The check failed because
dnsoke.com.=216.239.34.21!=216.239.36.21in ns2.dnsoke.com. i can't find dnsoke.com.[216.239.38.21]
in ns4.dnsoke.com. i can't find dnsoke.com.[216.239.38.21]
in ns1.dnsoke.com. i can't find dnsoke.com.[216.239.34.21]
in ns3.dnsoke.com. i can't find dnsoke.com.[216.239.34.21]
Duplicate MX records I have checked and all your MX records are pointing to different IPs.
Reverse DNS entries for MX records All the IPs of your MX records have PTR entries, meaning it is possible to know their hostnames from the IP address. Many mailservers, accordingly to RFC1912 2.1, will not accept mail from mailservers with no PTR (reverse DNS) entry. The reverse DNS entries are
dnsoke.com. -> 216.239.34.21 -> any-in-2215.1e100.net
MAIL Connect to mail servers I was not able to connect to one or more of your mailservers (i use a 5 seconds timeout).
dnsoke.com.: Failed to connect to dnsoke.com.: Connection timed out (Timeout was 5secs)
Mail server host name in greeting I was not able to connect to one or more of your mailservers. The report of this test is:
dnsoke.com. Not connected
Spam recognition software and RFC821 4.3 (also RFC2821 4.3.1) state that the hostname given in the SMTP greeting MUST have an A record pointing back to the same server.
Acceptance of NULL <> sender I was not able to connect to one or more of your mail servers to check if they accept mail from "<>". RFC1123 5.2.9 requires all mailservers to receive mail from this kind of address, which is used in reject/bounce messages and return receipts. The report of the test is:
dnsoke.com. Not connected
Acceptance of postmaster address I was not able to connect to one or more of your mail servers to check if they accept mail to postmaster@dnsoke.com.. RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1 require all mailservers to accept mail to this kind of address. The report of the test is:
dnsoke.com. Not connected
Acceptance of abuse address I was not able to connect to one or more of your mail servers to check if they accept mail to postmaster@dnsoke.com.. RFC822 6.3, RFC1123 5.2.7, and RFC2821 4.5.1 require all mailservers to accept mail to this kind of address. The report of the test is:
dnsoke.com. Not connected
Acceptance of domain literals I was not able to connect to one or more of your mail servers to check if they accept mail to postmaster@[ip_address] (Literal format). RFC1123 5.2.17 require all mailservers to accept mail to this kind of address. The report of the test is:
dnsoke.com. Not connected
Open relay test I was not able to connect to one or more of your mail servers to check if they closed to external domain relaying. The report of the test is:
dnsoke.com. Not connected
SPF record You don't have a SPF record for the domain dnsoke.com., meaning that you are not using the protection given from this kind of technology. This is only a warning, but please consider in implementing it!
WWW WWW Record I have asked your DNS server for www.dnsoke.com. but i did not receive an IP address (maybe i received a CNAME...), however these are the records i received:
www.dnsoke.com. = CNAME pub-8974062714492606.afd.ghs.google.com.
All WWW IPs public I have no ip addresses to check
CNAME Lookup There is one or more CNAMEs record pointing to www.dnsoke.com.. This can cause extra bandwidth usage since the resolution of www.dnsoke.com. is done in multiple steps. However this is only a warning!