DNS Spy
Connectivity: 100%
The following nameservers are available and responding correctly for DNS queries for your domain mentalhealthatwork.nsw.gov.au.
| Nameserver | IP address(es) | SOA serial |
|---|---|---|
| ns1-08.azure-dns.com. |
40.90.4.8
2603:1061:0:700::8 |
2019121701 |
| ns2-08.azure-dns.net. |
64.4.48.8
2620:1ec:8ec:700::8 |
2019121701 |
| ns3-08.azure-dns.org. |
204.14.183.8
2a01:111:4000:700::8 |
2019121701 |
| ns4-08.azure-dns.info. |
208.84.5.8
2620:1ec:bda:700::8 |
2019121701 |
Good news, no warnings or errors were found.
We could not find any recommendations at this time.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- All nameservers reply with the same SOA serial number.
- The nameserver IPs are distributed across multiple subnets.
- All nameservers are online.
- Nameservers are available over IPv4.
- Nameservers are available over IPv6.
Performance: 100%
We tested each nameserver and measured the following response times.
| Nameserver | IP address(es) | Response time |
|---|---|---|
| ns1-08.azure-dns.com. |
40.90.4.8
2603:1061:0:700::8 |
23ms
31ms |
| ns2-08.azure-dns.net. |
64.4.48.8
2620:1ec:8ec:700::8 |
19ms
39ms |
| ns3-08.azure-dns.org. |
204.14.183.8
2a01:111:4000:700::8 |
39ms
39ms |
| ns4-08.azure-dns.info. |
208.84.5.8
2620:1ec:bda:700::8 |
39ms
47ms |
Good news, no warnings or errors were found.
We could not find any recommendations at this time.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- Nameserver ns1-08.azure-dns.com. (40.90.4.8) replied quickly (< 50ms).
- Nameserver ns1-08.azure-dns.com. (2603:1061:0:700::8) replied in a reasonable time.
- Nameserver ns2-08.azure-dns.net. (64.4.48.8) replied quickly (< 50ms).
- Nameserver ns2-08.azure-dns.net. (2620:1ec:8ec:700::8) replied in a reasonable time.
- Nameserver ns3-08.azure-dns.org. (204.14.183.8) replied quickly (< 50ms).
- Nameserver ns3-08.azure-dns.org. (2a01:111:4000:700::8) replied in a reasonable time.
- Nameserver ns4-08.azure-dns.info. (208.84.5.8) replied quickly (< 50ms).
- Nameserver ns4-08.azure-dns.info. (2620:1ec:bda:700::8) replied in a reasonable time.
Resilience & Security: 67%
These are the locations and providers of your nameservers.
| Nameserver | Location | ISP |
|---|---|---|
| ns1-08.azure-dns.com. |
IPv4: US
IPv6: US |
AS8068 - MICROSOFT-CORP-MSN-AS-BLOCK, US
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US |
| ns2-08.azure-dns.net. |
IPv4: US
IPv6: US |
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US |
| ns3-08.azure-dns.org. |
IPv4: US
IPv6: GB |
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US |
| ns4-08.azure-dns.info. |
IPv4: US
IPv6: US |
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US |
We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.
- All IPv6 nameservers are hosted by the same provider (AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
- No DNSSEC records found. Consider enabling DNSSEC, as it provides a way to validate DNS responses for data integrity.
We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.
- All IPv4 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.
- No CAA records found. Consider adding CAA records, as it adds increased security by limiting which Certificate Authorities can issue certificates for this domain. (more info)
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- You have more than 1 nameserver.
- The IPv4 nameservers are distributed among multiple providers.
- The IPv6 nameservers are distributed across multiple locations.
- The nameservers are being operated from multiple domains (azure-dns.com, azure-dns.net, azure-dns.org, azure-dns.info).
DNS records: 100%
Our scans detected the following publicly available DNS records.
| Record | TTL | Value | |
|---|---|---|---|
| A | mentalhealthatwork.nsw.gov.au | 1h |
15.197.216.122 3.33.241.178 |
| NS | mentalhealthatwork.nsw.gov.au | 1h |
ns1-08.azure-dns.com. ns2-08.azure-dns.net. ns3-08.azure-dns.org. ns4-08.azure-dns.info. |
| SOA | mentalhealthatwork.nsw.gov.au | 1h | ns1-08.azure-dns.com. azuredns-hostmaster.microsoft.com. 2019121701 3600 300 2419200 300 |
| TXT | _dmarc.mentalhealthatwork.nsw.gov.au | 1h | "v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:[email protected]; ruf=mailto:[email protected]" |
| A | www.mentalhealthatwork.nsw.gov.au | 1h |
15.197.216.122 3.33.241.178 |
Good news, no warnings or errors were found.
We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.
- No SPF records were found. SPF records limit which IPs are allowed to send mail from this domain. Even if this domain doesn't send e-mails, you should set up SPF to confirm it will never send e-mail, to prevent spoofing.
- No IPv6 record has been found on the zone apex (mentalhealthatwork.nsw.gov.au). Consider enabling IPv6 in the infrastructure by adding an AAAA record on this domain.
Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.
- The root DNS records points to multiple IPs using Round Robin.
- The NS records have a long TTL (1h+).
- Your SOA serial number follows the best practice YYYYMMDDxx format.
- DMARC records have been found.
- DMARC records are set up restrictively.
- Found a root (apex) DNS record.
- Found a www DNS record.
- The active nameservers match the NS records.
- The DNS records appear to be RFC compliant.
Have a look at other public DNS scans.