DNS Spy
Connectivity: 100%
The following nameservers are available and responding correctly for DNS queries for your domain gov.ky.
| Nameserver | IP address(es) | SOA serial |
|---|---|---|
| dns1.p04.nsone.net. |
198.51.44.4
2620:4d:4000:6259:7:4:0:1 |
1647448046 |
| dns2.p04.nsone.net. |
198.51.45.4
2a00:edc0:6259:7:4::2 |
1647448046 |
| dns3.p04.nsone.net. |
198.51.44.68
2620:4d:4000:6259:7:4:0:3 |
1647448046 |
| dns4.p04.nsone.net. |
198.51.45.68
2a00:edc0:6259:7:4::4 |
1647448046 |
Good news, no warnings or errors were found.
We could not find any recommendations at this time.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- All nameservers reply with the same SOA serial number.
- The nameserver IPs are distributed across multiple subnets.
- All nameservers are online.
- Nameservers are available over IPv4.
- Nameservers are available over IPv6.
Performance: 100%
We tested each nameserver and measured the following response times.
| Nameserver | IP address(es) | Response time |
|---|---|---|
| dns1.p04.nsone.net. |
198.51.44.4
2620:4d:4000:6259:7:4:0:1 |
31ms
31ms |
| dns2.p04.nsone.net. |
198.51.45.4
2a00:edc0:6259:7:4::2 |
1ms
3ms |
| dns3.p04.nsone.net. |
198.51.44.68
2620:4d:4000:6259:7:4:0:3 |
31ms
31ms |
| dns4.p04.nsone.net. |
198.51.45.68
2a00:edc0:6259:7:4::4 |
3ms
3ms |
Good news, no warnings or errors were found.
We could not find any recommendations at this time.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- Nameserver dns1.p04.nsone.net. (198.51.44.4) replied quickly (< 50ms).
- Nameserver dns1.p04.nsone.net. (2620:4d:4000:6259:7:4:0:1) replied in a reasonable time.
- Nameserver dns2.p04.nsone.net. (198.51.45.4) replied quickly (< 50ms).
- Nameserver dns2.p04.nsone.net. (2a00:edc0:6259:7:4::2) replied in a reasonable time.
- Nameserver dns3.p04.nsone.net. (198.51.44.68) replied quickly (< 50ms).
- Nameserver dns3.p04.nsone.net. (2620:4d:4000:6259:7:4:0:3) replied in a reasonable time.
- Nameserver dns4.p04.nsone.net. (198.51.45.68) replied quickly (< 50ms).
- Nameserver dns4.p04.nsone.net. (2a00:edc0:6259:7:4::4) replied in a reasonable time.
Resilience & Security: 40%
These are the locations and providers of your nameservers.
| Nameserver | Location | ISP |
|---|---|---|
| dns1.p04.nsone.net. |
IPv4: US
IPv6: US |
AS62597 - NSONE, US
AS62597 - NSONE, US |
| dns2.p04.nsone.net. |
IPv4: US
IPv6: US |
AS62597 - NSONE, US
AS62597 - NSONE, US |
| dns3.p04.nsone.net. |
IPv4: US
IPv6: US |
AS62597 - NSONE, US
AS62597 - NSONE, US |
| dns4.p04.nsone.net. |
IPv4: US
IPv6: US |
AS62597 - NSONE, US
AS62597 - NSONE, US |
We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.
- All IPv4 nameservers are hosted by the same provider (AS62597 - NSONE, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
- All IPv6 nameservers are hosted by the same provider (AS62597 - NSONE, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
- All the nameservers are being operated from a single domain (nsone.net). If that domain gets compromised or goes offline, the DNS will be unavailable. Consider spreading the nameservers across multiple domains.
We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.
- All IPv4 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.
- All IPv6 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.
- No CAA records found. Consider adding CAA records, as it adds increased security by limiting which Certificate Authorities can issue certificates for this domain. (more info)
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- You have more than 1 nameserver.
- DNSSEC is enabled.
DNS records: 100%
Our scans detected the following publicly available DNS records.
| Record | TTL | Value | |
|---|---|---|---|
| A | gov.ky | 20s |
62.115.252.67 80.239.137.145 |
| AAAA | gov.ky | 20s |
2001:2030:21::3e73:fc43 2001:2030:21::50ef:8991 |
| DNSKEY | gov.ky | 1h |
ZSK | ECDSA Curve P-256 with SHA-256 | pxEUulkf8UZtE9fy2+4wJwM44xncypgGVps4hE4kQGA5TuC/XJPoKBX6 e3B/QL9AmwFCgyFeC4uRNxoqxK0xOg== KSK | ECDSA Curve P-256 with SHA-256 | t+4DPP+MFZ0Cr7gAXiDYv6HTyXzq/O2ESVRLc/ysuh5xBXKIsjsj5baV 1HzhBNo2F7mbsevsEo0/6UEL8+JBmA== |
| MX | gov.ky | 12h |
10 mail.gov.ky. 10 mail2.gov.ky. |
| NS | gov.ky | 12h |
dns1.p04.nsone.net. dns2.p04.nsone.net. dns3.p04.nsone.net. dns4.p04.nsone.net. |
| SOA | gov.ky | 1h | dns1.p04.nsone.net. hostmaster.nsone.net. 1647448046 21601 3600 1209600 43200 |
| TXT | gov.ky | 900s |
"13Feb2023" "MS=8CC74676981B22BC1C0B9B4771A692845152AC46" "MS=ms80328085" "atlassian-domain-verification=qo546A7j7wayr4DNgWI1SEW8jHX45oKK6lhd3umgvkmkcN1CHFyqTuPUcHS6kZED" "v=spf1 ip4:208.157.148.14 ip4:209.27.55.194 ip4:209.27.55.193 ip4:208.168.230.31 -all" |
| SRV | _autodiscover._tcp.gov.ky | 12h | 0 0 443 eas.gov.ky. |
| TXT | _dmarc.gov.ky | 1h | "v=DMARC1; p=reject; sp=reject; pct=100; ruf=mailto:[email protected]; fo=1" |
| SRV | _sip._tcp.gov.ky | 12h | 10 10 5060 expe.gov.ky. |
| SRV | _sip._tls.gov.ky | 12h | 0 0 443 sip.gov.ky. |
| SRV | _sipfederationtls._tcp.gov.ky | 12h | 0 0 5061 sip.gov.ky. |
| SRV | _sips._tcp.gov.ky | 12h | 10 10 5061 expe.gov.ky. |
| A | autodiscover.gov.ky | 12h | 208.157.148.11 |
| A | eas.gov.ky | 12h | 208.157.148.11 |
| A | expe.gov.ky | 12h | 208.157.148.107 |
| A | ftp.gov.ky | 12h | 208.157.148.36 |
| A | lyncdiscover.gov.ky | 12h | 162.211.139.141 |
| A | mail.gov.ky | 12h | 208.157.148.14 |
| A | mail2.gov.ky | 12h | 209.27.55.194 |
| A | ns.gov.ky | 12h | 208.157.148.12 |
| A | ns2.gov.ky | 12h | 209.27.55.202 |
| A | ops.gov.ky | 12h | 209.27.55.196 |
| A | sip.gov.ky | 12h | 162.211.139.140 |
| CNAME | support.gov.ky | 1h | govky.zendesk.com. |
| A | webmail.gov.ky | 12h | 208.157.148.13 |
| CNAME | www.gov.ky | 12h | oce.gov.ky.edgekey.net. |
Good news, no warnings or errors were found.
We could not find any recommendations at this time.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- The root DNS records points to multiple IPs using Round Robin.
- Multiple MX records found.
- MX records with different priorities found (main + fall-back mailservers).
- The MX record for "gov.ky" has a long TTL (1h+).
- The MX records points to multiple mailservers.
- The NS records have a long TTL (1h+).
- Your SOA serial number follows the best practice YYYYMMDDxx format.
- SPF records have been found.
- SPF records are set up restrictively.
- DMARC records have been found.
- DMARC records are set up restrictively.
- Found a root (apex) DNS record.
- Found a www DNS record.
- Found an IPv6 root DNS record.
- The active nameservers match the NS records.
- The DNS records appear to be RFC compliant.
Have a look at other public DNS scans.