DNS report for digid.nl

This report was generated 5d ago. Refresh?
A+
Connectivity
100%
Performance
100%
Resilience & Security
100%
DNS records
100%
Proud of your DNS score? Share it with the world!

Connectivity: 100%

The following nameservers are available and responding correctly for DNS queries for your domain digid.nl.

Nameserver IP address(es) SOA serial
ns1.rijksoverheidnl.nl. 178.22.85.27
2a00:d00:3:6::130
2020011405
ns2.rijksoverheidnl.eu. 94.228.142.136
2a00:d01:3:1::20
2020011405
ns3.rijksoverheidnl.org. 145.100.177.67
2001:610:188:203:3:1:0:67
2020011405
ns4.rijksoverheidnl.com. 192.110.255.70
2606:700:1c:3:1::130
2020011405

Good news, no warnings or errors were found.

We could not find any recommendations at this time.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • All nameservers reply with the same SOA serial number.
  • The nameserver IPs are distributed across multiple subnets.
  • All nameservers are online.
  • Nameservers are available over IPv4.
  • Nameservers are available over IPv6.

Performance: 100%

We tested each nameserver and measured the following response times.

Nameserver IP address(es) Response time
ns1.rijksoverheidnl.nl. 178.22.85.27
2a00:d00:3:6::130
8ms
5ms
ns2.rijksoverheidnl.eu. 94.228.142.136
2a00:d01:3:1::20
5ms
5ms
ns3.rijksoverheidnl.org. 145.100.177.67
2001:610:188:203:3:1:0:67
5ms
5ms
ns4.rijksoverheidnl.com. 192.110.255.70
2606:700:1c:3:1::130
82ms
85ms

Good news, no warnings or errors were found.

We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.

  • Nameserver ns4.rijksoverheidnl.com. (192.110.255.70) replied reasonably fast (< 150ms), but you should aim for < 50ms response times.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • Nameserver ns1.rijksoverheidnl.nl. (178.22.85.27) replied quickly (< 50ms).
  • Nameserver ns1.rijksoverheidnl.nl. (2a00:d00:3:6::130) replied in a reasonable time.
  • Nameserver ns2.rijksoverheidnl.eu. (94.228.142.136) replied quickly (< 50ms).
  • Nameserver ns2.rijksoverheidnl.eu. (2a00:d01:3:1::20) replied in a reasonable time.
  • Nameserver ns3.rijksoverheidnl.org. (145.100.177.67) replied quickly (< 50ms).
  • Nameserver ns3.rijksoverheidnl.org. (2001:610:188:203:3:1:0:67) replied in a reasonable time.
  • Nameserver ns4.rijksoverheidnl.com. (2606:700:1c:3:1::130) replied in a reasonable time.

Resilience & Security: 100%

These are the locations and providers of your nameservers.

Nameserver Location ISP
ns1.rijksoverheidnl.nl. IPv4: NL
IPv6: NL
AS41887 - PROLOCATION Transit policy pref 100, NL
AS41887 - PROLOCATION Transit policy pref 100, NL
ns2.rijksoverheidnl.eu. IPv4: NL
IPv6: NL
AS41887 - PROLOCATION Transit policy pref 100, NL
AS41887 - PROLOCATION Transit policy pref 100, NL
ns3.rijksoverheidnl.org. IPv4: NL
IPv6: NL
AS1103 - SURFNET-NL SURFnet, The Netherlands, NL
AS1103 - SURFNET-NL SURFnet, The Netherlands, NL
ns4.rijksoverheidnl.com. IPv4: US
IPv6: US
AS54054 - DETEQUE - Deteque LLC, US
AS54054 - DETEQUE - Deteque LLC, US

Good news, no warnings or errors were found.

We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.

  • No CAA records found. Consider adding CAA records, as it adds increased security by limiting which Certificate Authorities can issue certificates for this domain. (more info)

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • You have more than 1 nameserver.
  • The IPv4 nameservers are distributed among multiple providers.
  • The IPv4 nameservers are distributed across multiple locations.
  • The IPv6 nameservers are distributed among multiple providers.
  • The IPv6 nameservers are distributed across multiple locations.
  • DNSSEC is enabled.
  • The nameservers are being operated from multiple domains (rijksoverheidnl.nl, rijksoverheidnl.eu, rijksoverheidnl.org, rijksoverheidnl.com).

DNS records: 100%

Our scans detected the following publicly available DNS records.

Record TTL Value
A digid.nl 4h 144.43.243.208
AAAA digid.nl 4h 2a04:9a00:1010:1900::a
DNSKEY digid.nl 1h ZSK | RSA/SHA-256 | AwEAAc4Sb2ho3+OMJndajUVDLZV5X8/cdI89+PCCPm35V+our4rRMsyx DoJqVCWBtkPkSKiCAa9vHZ3I+bvrGMxzf4444wct+fyrczjJjvf/AUa4 OX89YveB5licGzm60Zl4hPrQaNaDvGawlfqg1KFs8ij5oFSv4HmgfAwZ 9iQ5ezEH

ZSK | RSA/SHA-256 | AwEAAd2Ep4U2z4DjUl+NsFK4CtvMrIqVyY4s+SiOYk6Dq2/BvV1JWgrQ V8hj1Uz8x/GT5IzXUnaFBzQ3nmhQBxvC1tyJ8ZP01j3pbUi4LAtMoVrb PUdej6slYOJgSiWq7ALzzktGef5OhQSUWRyoequezYcanUB9lUbmcG5q a5Zv24Lv

KSK | RSA/SHA-256 | AwEAAcRf9ZQ7iCWKVEtnWH200ai9HSsKlw+45/JnRvJBgEQQIJ1OXI5N YLo/p0lymt2IPZ+cwp+SkTe19DgCD3B3jo6T+krRp/WdwwIimPKdknPs Jk/0ZONa/4usOR59kKCidJVj4abwRNWvzDQbIGk6xLfm44OzLXpvdFdm QkTCvZRkJSNMO0NnT/1gAklqN+Y+/dhAwzA9wNKXk7eQL6syA30/6B+s 2YesG6qEN9NfRrcSkhs6cM9BTURrfvi01dCnYnP479Pc8+UXISdrexOb IphcvVrtuPV4AtY5eR67ZWcoalPEackFuDXsKfXIlCh3UvJnmz1dbj7l UQv95so97iU=
MX digid.nl 4h 10 mxrelay1.overheid.nl.
10 mxrelay2.overheid.nl.
NS digid.nl 4h ns1.rijksoverheidnl.nl.
ns2.rijksoverheidnl.eu.
ns3.rijksoverheidnl.org.
ns4.rijksoverheidnl.com.
SOA digid.nl 1h ns1.rijksoverheidnl.nl. domeinnaam.minaz.nl. 2020011405 14400 7200 1209600 600
TXT digid.nl 4h "E-mail: kb_dd@logius.nl"
"Ketenbeheer DigiD Logius"
"v=spf1 include:spf1.digid.nl include:spf2.digid.nl include:_spf.intermax.nl -all"
TXT _dmarc.digid.nl 4h "v=DMARC1\; p=quarantine\; rua=mailto:dmarc.digid@logius.nl\; ruf=mailto:dmarc.digid@logius.nl\; fo=1\; adkim=r\; aspf=r\; rf=afrf\; sp=reject\; ri=3600"
A app.digid.nl 4h 144.43.243.217
AAAA app.digid.nl 4h 2a04:9a00:1010:1900::60
A cms.digid.nl 4h 46.22.185.73
AAAA cms.digid.nl 4h 2001:4c10:5:627::73
A test.digid.nl 4h 46.22.185.71
AAAA test.digid.nl 4h 2001:4c10:5:627::71
A www.digid.nl 4h 46.22.185.72
AAAA www.digid.nl 4h 2001:4c10:5:627::72

Good news, no warnings or errors were found.

We could not find any recommendations at this time.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • Multiple MX records found.
  • MX records with different priorities found (main + fall-back mailservers).
  • The MX record for "digid.nl" has a long TTL (1h+).
  • The MX records points to multiple mailservers.
  • The NS records have a long TTL (1h+).
  • Your SOA serial number follows the best practice YYYYMMDDxx format.
  • SPF records have been found.
  • SPF records are set up restrictively.
  • DMARC records have been found.
  • DMARC records are set up restrictively.
  • Found a root (apex) DNS record.
  • Found a www DNS record.
  • Found an IPv6 root DNS record.
  • The active nameservers match the NS records.
  • The DNS records appear to be RFC compliant.
Proud of your DNS score? Share it with the world!

 

Have a look at other public DNS scans.