DNS report for matrix.org

This report was generated 6d ago. Refresh?
B
Connectivity
100%
Performance
100%
Resilience & Security
20%
DNS records
95%
Proud of your DNS score? Share it with the world!

Connectivity: 100%

The following nameservers are available and responding correctly for DNS queries for your domain matrix.org.

Nameserver IP address(es) SOA serial
derek.ns.cloudflare.com. 173.245.59.154
2400:cb00:2049:1::adf5:3b9a
2030702002
laura.ns.cloudflare.com. 173.245.58.183
2400:cb00:2049:1::adf5:3ab7
2030702002

Good news, no warnings or errors were found.

We could not find any recommendations at this time.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • All nameservers reply with the same SOA serial number.
  • The nameserver IPs are distributed across multiple subnets.
  • All nameservers are online.
  • Nameservers are available over IPv4.
  • Nameservers are available over IPv6.

Performance: 100%

We tested each nameserver and measured the following response times.

Nameserver IP address(es) Response time
derek.ns.cloudflare.com. 173.245.59.154
2400:cb00:2049:1::adf5:3b9a
7ms
8ms
laura.ns.cloudflare.com. 173.245.58.183
2400:cb00:2049:1::adf5:3ab7
13ms
19ms

Good news, no warnings or errors were found.

We could not find any recommendations at this time.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • Nameserver derek.ns.cloudflare.com. (173.245.59.154) replied quickly (< 50ms).
  • Nameserver derek.ns.cloudflare.com. (2400:cb00:2049:1::adf5:3b9a) replied in a reasonable time.
  • Nameserver laura.ns.cloudflare.com. (173.245.58.183) replied quickly (< 50ms).
  • Nameserver laura.ns.cloudflare.com. (2400:cb00:2049:1::adf5:3ab7) replied in a reasonable time.

Resilience & Security: 20%

These are the locations and providers of your nameservers.

Nameserver Location ISP
derek.ns.cloudflare.com. IPv4: US
IPv6: US
AS13335 - CLOUDFLARENET - Cloudflare, Inc., US
AS13335 - CLOUDFLARENET - Cloudflare, Inc., US
laura.ns.cloudflare.com. IPv4: US
IPv6: US
AS13335 - CLOUDFLARENET - Cloudflare, Inc., US
AS13335 - CLOUDFLARENET - Cloudflare, Inc., US

We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.

  • All IPv4 nameservers are hosted by the same provider (AS13335 - CLOUDFLARENET - Cloudflare, Inc., US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
  • All IPv6 nameservers are hosted by the same provider (AS13335 - CLOUDFLARENET - Cloudflare, Inc., US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
  • No DNSSEC records found. Consider enabling DNSSEC, as it provides a way to validate DNS responses for data integrity.
  • All the nameservers are being operated from a single domain (cloudflare.com). If that domain gets compromised or goes offline, the DNS will be unavailable. Consider spreading the nameservers across multiple domains.

We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.

  • All IPv4 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.
  • All IPv6 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.
  • No CAA records found. Consider adding CAA records, as it adds increased security by limiting which Certificate Authorities can issue certificates for this domain. (more info)

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • You have more than 1 nameserver.

DNS records: 95%

Our scans detected the following publicly available DNS records.

Record TTL Value
A matrix.org 5m 104.20.20.236
104.20.21.236
AAAA matrix.org 5m 2606:4700:10::6814:14ec
2606:4700:10::6814:15ec
MX matrix.org 5m 10 polemos.matrix.org.
20 zelus.matrix.org.
NS matrix.org 24h derek.ns.cloudflare.com.
laura.ns.cloudflare.com.
SOA matrix.org 1h derek.ns.cloudflare.com. dns.cloudflare.com. 2030702002 10000 2400 604800 3600
TXT matrix.org 5m "google-site-verification=WtVGAosO4JrjN_QGtENIbAEMcy5Dk7t6hcC4yQ5KC7A"
"v=spf1 mx ip4:94.237.46.156 ip6:2a04:3544:1000:1510:6866:a4ff:fe4c:7170 ip4:94.237.52.96 ip6:2a04:3541:1000:500:6866:a4ff:fe4c:7cce -all"
TXT _dmarc.matrix.org 5m "v=DMARC1\; p=none\; pct=100\; rua=mailto:dmarc-rua@matrix.org"
A git.matrix.org 5m 104.20.200.37
104.20.201.37
AAAA git.matrix.org 5m 2606:4700:10::6814:c825
2606:4700:10::6814:c925
CNAME imap.matrix.org 5m polemos.matrix.org.
CNAME smtp.matrix.org 5m polemos.matrix.org.
CNAME webmail.matrix.org 5m polemos.matrix.org.
A www.matrix.org 5m 104.20.20.236
104.20.21.236
AAAA www.matrix.org 5m 2606:4700:10::6814:14ec
2606:4700:10::6814:15ec

We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.

  • Consider giving the MX record for "matrix.org" a longer TTL, as those don't change often (1h+).

We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.

  • You have DMARC records configured, but the "p=none" policy only triggers reports to your e-mail address, the receiver is instructed to not take actions.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • The root DNS records points to multiple IPs using Round Robin.
  • Multiple MX records found.
  • MX records with different priorities found (main + fall-back mailservers).
  • The MX records points to multiple mailservers.
  • The NS records have a long TTL (1h+).
  • Your SOA serial number follows the best practice YYYYMMDDxx format.
  • SPF records have been found.
  • SPF records are set up restrictively.
  • DMARC records have been found.
  • Found a root (apex) DNS record.
  • Found a www DNS record.
  • Found an IPv6 root DNS record.
  • The active nameservers match the NS records.
  • The DNS records appear to be RFC compliant.
Proud of your DNS score? Share it with the world!

 

Have a look at other public DNS scans.