DNS report for sagorski.org

This report was generated 1 month ago. Refresh?
B
Connectivity
100%
Performance
100%
Resilience & Security
50%
DNS records
94%
Proud of your DNS score? Share it with the world!

Connectivity: 100%

The following nameservers are available and responding correctly for DNS queries for your domain sagorski.org.

Nameserver IP address(es) SOA serial
charles.ns.cloudflare.com. 108.162.193.83
2606:4700:58::adf5:3b53
2275853862
mia.ns.cloudflare.com. 108.162.192.200
2606:4700:50::adf5:3ac8
2275853862

Good news, no warnings or errors were found.

We could not find any recommendations at this time.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • All nameservers reply with the same SOA serial number.
  • The nameserver IPs are distributed across multiple subnets.
  • All nameservers are online.
  • Nameservers are available over IPv4.
  • Nameservers are available over IPv6.

Performance: 100%

We tested each nameserver and measured the following response times.

Nameserver IP address(es) Response time
charles.ns.cloudflare.com. 108.162.193.83
2606:4700:58::adf5:3b53
19ms
15ms
mia.ns.cloudflare.com. 108.162.192.200
2606:4700:50::adf5:3ac8
15ms
15ms

Good news, no warnings or errors were found.

We could not find any recommendations at this time.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • Nameserver charles.ns.cloudflare.com. (108.162.193.83) replied quickly (< 50ms).
  • Nameserver charles.ns.cloudflare.com. (2606:4700:58::adf5:3b53) replied in a reasonable time.
  • Nameserver mia.ns.cloudflare.com. (108.162.192.200) replied quickly (< 50ms).
  • Nameserver mia.ns.cloudflare.com. (2606:4700:50::adf5:3ac8) replied in a reasonable time.

Resilience & Security: 50%

These are the locations and providers of your nameservers.

Nameserver Location ISP
charles.ns.cloudflare.com. IPv4: US
IPv6: US
AS13335 - CLOUDFLARENET, US
AS13335 - CLOUDFLARENET, US
mia.ns.cloudflare.com. IPv4: US
IPv6: US
AS13335 - CLOUDFLARENET, US
AS13335 - CLOUDFLARENET, US

We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.

  • All IPv4 nameservers are hosted by the same provider (AS13335 - CLOUDFLARENET, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
  • All IPv6 nameservers are hosted by the same provider (AS13335 - CLOUDFLARENET, US). Consider spreading the nameservers across multiple DNS providers for increased redundancy.
  • All the nameservers are being operated from a single domain (cloudflare.com). If that domain gets compromised or goes offline, the DNS will be unavailable. Consider spreading the nameservers across multiple domains.

We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.

  • All IPv4 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.
  • All IPv6 nameservers appear to be hosted in the same country (US). You might want to consider spreading the nameservers geographically.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • You have more than 1 nameserver.
  • DNSSEC is enabled.
  • CAA records found.

DNS records: 94%

Our scans detected the following publicly available DNS records.

Record TTL Value
A sagorski.org 5m 83.133.246.89
AAAA sagorski.org 5m 2001:7f0:3000:549::554:89
CAA sagorski.org 1h 0 issue "comodoca.com"
0 issue "digicert.com; cansignhttpexchanges=yes"
0 issue "letsencrypt.org"
0 issue "pki.goog; cansignhttpexchanges=yes"
0 issuewild "comodoca.com"
0 issuewild "digicert.com; cansignhttpexchanges=yes"
0 issuewild "letsencrypt.org"
0 issuewild "pki.goog; cansignhttpexchanges=yes"
DNSKEY sagorski.org 1h ZSK | ECDSA Curve P-256 with SHA-256 | oJMRESz5E4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8 KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA==

KSK | ECDSA Curve P-256 with SHA-256 | mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+ KkxLbxILfDLUT0rAK9iUzy1L53eKGQ==
MX sagorski.org 5m 10 mxext1.mailbox.org.
10 mxext3.mailbox.org.
20 mxext3.mailbox.org.
NS sagorski.org 24h charles.ns.cloudflare.com.
mia.ns.cloudflare.com.
SOA sagorski.org 1h charles.ns.cloudflare.com. dns.cloudflare.com. 2275853862 10000 2400 604800 3600
TXT sagorski.org 5m "have-i-been-pwned-verification=84a2f678cd37113967856bb8668c9ea7"
"v=spf1 include:mailbox.org ~all"
SRV _autodiscover._tcp.sagorski.org 5m 0 0 443 mailbox.org.
A *.sagorski.org 5m 83.133.246.89
A mail.sagorski.org 5m 161.97.155.147
AAAA mail.sagorski.org 5m 2a02:c206:3008:4285::1
CNAME www.sagorski.org 5m sagorski.org.

We detected the following errors or warnings about your DNS configuration. These caused your DNS rating to be lowered. Resolving these will grant a higher DNS Spy rating for your domain.

  • Consider giving the MX record for "sagorski.org" a longer TTL, as those don't change often (1h+).

We detected some possible recommendations for you to consider. No penalties were given for these, but resolving them can give you a higher DNS score.

  • No DMARC records have been found. Consider configuring DMARC for improved e-mail authentication.

Good news, we detected the following achievements in your DNS configuration. Each of these checks has increased your DNS Spy score.

  • Multiple MX records found.
  • MX records with different priorities found (main + fall-back mailservers).
  • The MX records points to multiple mailservers.
  • The NS records have a long TTL (1h+).
  • Your SOA serial number follows the best practice YYYYMMDDxx format.
  • SPF records have been found.
  • SPF records are set up restrictively.
  • Found a root (apex) DNS record.
  • Found a www DNS record.
  • Found an IPv6 root DNS record.
  • This domain is Have I Been Pwned? verified, bonus points are awarded for being security conscious.
  • The active nameservers match the NS records.
  • The DNS records appear to be RFC compliant.
Proud of your DNS score? Share it with the world!

 

Have a look at other public DNS scans.