DNS Spy
Connectivity: 86%
The following nameservers are available and responding correctly for DNS queries for your domain duikt.com.
| Nameserver | IP address(es) | SOA serial |
|---|---|---|
| nsg1.namebrightdns.com. | 44.205.15.94 | 2024042701 |
| nsg2.namebrightdns.com. | 3.85.91.237 | 2024042701 |
We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.
- No IPv6 reachable nameservers were found. Users on IPv6-only networks are unable to reach you.
We could not find any recommendations at this time.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- All nameservers reply with the same SOA serial number.
- The nameserver IPs are distributed across multiple subnets.
- All nameservers are online.
- Nameservers are available over IPv4.
Performance: 100%
We tested each nameserver and measured the following response times.
| Nameserver | IP address(es) | Response time |
|---|---|---|
| nsg1.namebrightdns.com. | 44.205.15.94 | 103ms |
| nsg2.namebrightdns.com. | 3.85.91.237 | 99ms |
Good news, no warnings or errors were found.
We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.
- Nameserver nsg1.namebrightdns.com. (44.205.15.94) replied reasonably fast (< 150ms), but you should aim for < 50ms response times.
- Nameserver nsg2.namebrightdns.com. (3.85.91.237) replied reasonably fast (< 150ms), but you should aim for < 50ms response times.
We could not find any recommendations at this time.
Resilience & Security: 50%
These are the locations and providers of your nameservers.
| Nameserver | Location | ISP |
|---|---|---|
| nsg1.namebrightdns.com. | IPv4: US | AS14618 - AMAZON-AES, US |
| nsg2.namebrightdns.com. | IPv4: US | AS14618 - AMAZON-AES, US |
We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.
- All IPv4 nameservers are hosted by the same provider (AS14618 - AMAZON-AES, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
- All the nameservers are being operated from a single domain (namebrightdns.com). If that domain gets compromised or goes offline, the DNS will be unavailable. Consider spreading the nameservers across multiple domains.
We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.
- All IPv4 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.
- No CAA records found. Consider adding CAA records, as it adds increased security by limiting which Certificate Authorities can issue certificates for this domain. (more info)
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- You have more than 1 nameserver.
- DNSSEC is enabled.
DNS records: 92%
Our scans detected the following publicly available DNS records.
| Record | TTL | Value | |
|---|---|---|---|
| CNAME | duikt.com | 3h | traff-2.hugedomains.com. |
| DNSKEY | duikt.com | 1h | ZSK | RSA/SHA-1 | TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEWmdo d1lZb010RG9mYW15d1l6N2lqTmRaSTBwZzM1QytJSGUzekhLdmZrYk5C UllQT3hJMmNpdE5kbFpvM1JhYXFyTkRYS1J1ZG5QQm1Rb2NrbkJkSk0x OUE2YXc4NlRucVZRYjV6TE9SUzc4ckVXK2dTWjYvaWxTS1VLWEhVdkZY YmkvSmRqaFNvSy8wcVU3cVBIbUxQTUFxV25iK3krZnJwR3RVb2xyb3pR SURBUUFC |
| NS | duikt.com | 3h |
nsg1.namebrightdns.com. nsg2.namebrightdns.com. |
| SOA | duikt.com | 3h | ns1.namebrightdns.com. dns.namebright.com. 2024042701 28800 5000 1209600 10800 |
| TXT | duikt.com | 3h | "v=spf1 -all" |
| CNAME | *.duikt.com | 3h | traff-5.hugedomains.com. |
| CNAME | mail.duikt.com | 3h | traff-1.hugedomains.com. |
| CNAME | www.duikt.com | 3h | traff-2.hugedomains.com. |
We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.
- We detected a www record, but no record for your root. Consider adding a DNS record for "duikt.com" as an A record.
We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.
- No DMARC records have been found. Consider configuring DMARC for improved e-mail authentication.
- No DNS record found on your zone apex (duikt.com). Consider adding a DNS record for "duikt.com" as an A record.
- No IPv6 record has been found on the zone apex (duikt.com). Consider enabling IPv6 in the infrastructure by adding an AAAA record on this domain.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- The NS records have a long TTL (1h+).
- Your SOA serial number follows the best practice YYYYMMDDxx format.
- SPF records have been found.
- SPF records are set up restrictively.
- Found a www DNS record.
- The active nameservers match the NS records.
- The DNS records appear to be RFC compliant.
Have a look at other public DNS scans.