DNSCog beta!

DNSCog Report for cdi.ul.ie

Registrar Tests

Nameserver Tests
SOA Tests
DNSSEC Tests
Mail Tests
Raw Data

Test Result	Analysis
Fail	Check nameservers at parent The following nameserver(s) are missing at the parent 'auth-ns1.ucd.ie.': mercury.ul.ie. Recommendation Contact your registrar to add the missing nameservers to the parent, and be sure to include all available nameservers in your domain's delegation.
	This test verifies that each of your domain's nameservers are registered at the parent. If your domain is delegated to fewer nameservers than are available (e.g. four out of five), this will also return an error. Nameservers: source.cdi.ul.ie. mercury.ul.ie. NS Records From Parent: source.cdi.ul.ie.
Info	Check nameserver glue records from parent The following nameserver(s) are missing glue records at the parent 'auth-ns1.ucd.ie.': mercury.ul.ie. Recommendation If your domain is a different TLD than its nameservers (for example, domain.com delegated to ns1.domain.org and ns2.domain.net), the parent will lack glue records. This is perfectly normal. If your domain and its nameservers are in the same TLD, and you are seeing this message, contact your registrar to add glue records for your nameservers to the parent.
	This check verifies that each of your nameservers has a valid glue record at the parent. Glue records enable the parent to return both the hostnames and IP addresses for your nameservers, speeding up resolution. Nameservers: source.cdi.ul.ie. mercury.ul.ie. Records From Parent: source.cdi.ul.ie.
Pass	Check glue record matching All of your glue records match those returned from your nameservers.
	Checks whether or not the glue records returned from the parent of the nameservers match the A records returned by the nameservers. Glue records from parent: 'source.cdi.ul.ie.' is 193.1.101.122 Nameserver source.cdi.ul.ie. A Records: 'cdi.ul.ie.' is 193.1.101.58 Nameserver mercury.ul.ie. A Records: 'cdi.ul.ie.' is 193.1.101.58 Nameserver localhost A Records: 'mercury.ul.ie.' is 193.1.100.130 'cdi.ul.ie.' is 193.1.101.58
Fail	Check the number of nameservers Parent reported only one nameserver for your domain. Recommendation Contact your registrar to add at least one additional nameserver. With only a single point of failure, your domain risks losing resolution entirely if an outage occurs at your single nameserver.
	This test simply the number of NS records returned by the parent for validity. NS Records Returned By Parent: source.cdi.ul.ie.

Test Result	Analysis
Pass	Check for public nameserver IP addresses The IP addresses of your nameservers are publicly available from any TCP/IP network.
	This check tests your nameservers' assigned IP addresses to ensure they are valid, publicly-accessible addresses. 193.1.101.122
Pass	Check the nameserver FQDN validity All nameservers reported by the parent have valid hostnames.
	This check ensures your domain's nameservers are Fully Qualified Domain Names. All Nameservers: source.cdi.ul.ie.
Fail	Check for A records corresponding to NS records The following NS records do not have A records returned: Nameserver 'source.cdi.ul.ie.' returned NS record for 'source.cdi.ul.ie.' but not an A record. Nameserver 'mercury.ul.ie.' returned NS record for 'source.cdi.ul.ie.' but not an A record.
	Checks whether or not each NS record is returned with a corresponding A record by each nameserver. Nameserver source.cdi.ul.ie. NS Records: source.cdi.ul.ie. mercury.ul.ie. Nameserver source.cdi.ul.ie. A Records: cdi.ul.ie. Nameserver mercury.ul.ie. NS Records: mercury.ul.ie. source.cdi.ul.ie. Nameserver mercury.ul.ie. A Records: cdi.ul.ie.
Pass	Check for identical nameserver responses This test passes, but please note that you have only one set of NS records.
	This test makes sure that each of your nameservers returns the same response. ; from source.cdi.ul.ie. cdi.ul.ie. 86400 IN NS source.cdi.ul.ie. cdi.ul.ie. 86400 IN NS mercury.ul.ie.
Pass	Check for nameserver response All nameservers responded to at least one query about your domain.
	This check verifies that each of your nameservers are responding to queries for your domain. source.cdi.ul.ie. responded mercury.ul.ie. responded
Fail	Check for lame nameservers The following nameservers are delegated by the parent but do not respond authoritatively: source.cdi.ul.ie. Recommendation Contact the hostmaster for your nameservers to have the nameserver respond authoritatively for your domain.
	Checks whether or not each delegated nameservers is authoritative. 'source.cdi.ul.ie.' did not return SOA
Fail	Check for stealth nameservers Some of your nameservers returned NS records that are missing from the parent nameserver: mercury.ul.ie. Recommendation There are more nameservers available for your domain than you are currently using (e.g. four out of five). Contact your registrar and delegate your domain to all of the available authoritative nameservers.
	This test determines if your domain is properly delegated to all of the available authoritative nameservers. 'source.cdi.ul.ie.' returned stealth NS records: mercury.ul.ie.
Pass	Check for missing nameservers Your nameservers are not missing any NS records.
	This test ensures the list of NS records returned by the parent and the list of NS records returned by your nameservers match. 'source.cdi.ul.ie.' has no missing NS records
Fail	Check separate nameserver networks Parent provided only one nameserver for your domain. Recommendation You need at least two nameservers in separate class C networks.
	Checks whether or not each nameserver is in a different class C IP network. 193.1.101.122
Pass	Check for CNAME records for nameservers You do not have CNAME records for nameserver hostnames in your zone.
	This test ensures your nameserver hostnames do not incorrectly correspond to CNAME records.
Info	Check for nameserver DNS server versions Your nameservers appear to be using the following software to serve DNS queries: ISC BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5: source.cdi.ul.ie.

Warning	Check for open recursive DNS Following nameservers answered recursive DNS queries: mercury.ul.ie. Recommendation Do not use open recursive as nameserver for your zones.

Pass	Check for open zone transfers Your nameservers do not allow zone transfers.

SOA Tests

Registrar Tests
Nameserver Tests
DNSSEC Tests
Mail Tests
Raw Data

Test Result	Analysis
Fail	Check SOA record We cannot find any SOA record returned from your nameservers. Recommendation Make sure that your zone is loaded on the DNS servers listed for your domain, and that the nameservers you are using are authoritative for your domain.
	This test verifies that your domain's zone file contains a valid SOA record. source.cdi.ul.ie. did not return SOA
Fail	Check SOA MNAME We don't have SOA data to analyze.
	This test verifies that the primary nameserver (in the MNAME field of your SOA record) is valid and included in your domain's NS list.
Fail	Check SOA RNAME We don't have SOA data to analyze.

Fail	Check SOA serial We don't have SOA data to analyze.
	This test displays your zone's current serial number.
Fail	Check SOA refresh We don't have SOA data to analyze.
	This test evaluates the refresh interval for your zone. Having too high or too low of a refresh interval may cause propagation issues.
Fail	Check SOA retry We don't have SOA data to analyze.
	This test evaluates the retry interval for your zone. Having too high or too low of a retry interval may cause propagation issues.
Fail	Check SOA expiration We don't have SOA data to analyze.
	This test evaluates the expiry value for your zone. Having too high or too low of an expiry value may cause propagation issues.
Fail	Check SOA MINTTL We don't have SOA data to analyze.
	This test evaluates the minimum TTL value for your zone. Having too high or too low of a minimum TTL value may cause propagation issues.

DNSSEC Tests

Registrar Tests
Nameserver Tests
SOA Tests
Mail Tests
Raw Data

Test Result	Analysis
Warning	Check RRSIG validity for all important DNS resource records Your nameservers do not provide DNSSEC information with their answers.
	This test makes sure that each of your nameservers returns correct RRSIG records for all answers. ; no DNSKEY from source.cdi.ul.ie. ; no RRSIG recs from source.cdi.ul.ie. ; records not covered by RRSIGs from source.cdi.ul.ie. cdi.ul.ie. 14400 IN A 193.1.101.58 cdi.ul.ie. 86400 IN NS source.cdi.ul.ie. cdi.ul.ie. 86400 IN NS mercury.ul.ie. cdi.ul.ie. 14400 IN MX 0 cdi.ul.ie.

Test Result

Analysis

Warning

Check RRSIG validity for all important DNS resource records

Your nameservers do not provide DNSSEC information with their answers.

Mail Tests

Registrar Tests
Nameserver Tests
SOA Tests
DNSSEC Tests
Raw Data

Test Result	Analysis
Warning	Check the number of MX hosts Your nameservers report only one unique MX record. We recommend having more than one in order to ensure reliable mail delivery. Recommendation You should consider including a secondary mail server to handle your mail if the primary server fails.
	This test evaluates the number of MX records returned by the nameservers. Unique MX Records Returned By Nameservers: cdi.ul.ie.
Pass	Check MX records for Public IPs All MX records resolve to public IPs.
	This check verifies that each of your mail servers is in public IP space. MX cdi.ul.ie. has public IP 193.1.101.58
Pass	Check for valid MX records with unique IP address Your MX records resolve to unique hostnames with an A record pointing to unique IP addresses.
	This test checks to see if the MX records for your domain have valid A records that point to unique IP addresses. ; from source.cdi.ul.ie. cdi.ul.ie. 14400 IN MX 0 cdi.ul.ie. cdi.ul.ie. 14400 IN A 193.1.101.58
Info	Check for Mailexchanger IPs reverse DNS records The following mailexchangers IP do not have reverse DNS: cdi.ul.ie. 193.1.101.58 Recommendation It's recommended for your mailservers to have reverse DNS if they connect to other MTA to transport mail.
	This test determines whether or not your mail server ip addresses all have reverse DNS entries 193.1.101.58: PTR not found
Pass	Check that all MX returned are valid hostnames Your nameservers return MX records pointing to valid FQDNs.
	This test verifies that your MX records are valid. Unique MX Records Returned By Nameservers: cdi.ul.ie.
Info	Check for open relay mail servers The following mail servers were not tested for open relay service: cdi.ul.ie. 193.1.101.58
	This test determines whether or not your mail servers are providing open relay services without authentication.
Pass	Check for port 25 connection All of your mail servers accept TCP connections.
	This test determines whether or not your mail servers are listening for TCP connections on port 25.
Pass	Check for port 465 connection All of your mail servers accept TCP connections.
	This test determines whether or not your mail servers are listening for TCP connections on port 465.
Fail	Check for mail server banners The following mail servers did not display a banner: cdi.ul.ie. 193.1.101.58 Recommendation Configure your mail server to display a banner upon connection.
	This test determines whether or not your mail servers are displaying banners on connection. cdi.ul.ie. 193.1.101.58 banner: no banner
Fail	Check to see if mail server accepts mail from empty address The following mailexchangers did not accept mail from empty sender address cdi.ul.ie. 193.1.101.58 Recommendation Your mailexchanger needs to accept mail for according to RFC822.
	This test determines whether or not your mail server will accept mail from robots that use empty alias. cdi.ul.ie. 193.1.101.58: mail_from --
Fail	Check to see if mail server accepts mail to postmaster@ The following mailexchangers did not accept mail for postmaster cdi.ul.ie. 193.1.101.58 Recommendation Your mailexchanger needs to accept mail for according to RFC822.
	This test determines whether or not your mail server will accept mail for RFC-required alias postmaster. cdi.ul.ie. 193.1.101.58: rcpt_to_postmaster --
Fail	Check to see if mail server accepts mail to abuse@ The following mailexchangers did not accept mail for abuse alias cdi.ul.ie. 193.1.101.58 Recommendation Your mailexchanger needs to accept mail for according to RFC822.
	This test determines whether or not your mail server will accept mail for RFC-required alias abuse. cdi.ul.ie. 193.1.101.58: rcpt_to_abuse --
Warning	Check SPF record You don't have any SPF resource records in your DNS zone. Recommendation You should create a SPF record for your DNS zone. This will help prevent e-mails being sent from your domain that are forged. If you need assistance with how to format a valid SPF record, please use the SPF Wizard (http://old.openspf.org/wizard.html).
	This test checks your DNS zone for a SPF record. An SPF record can minimize number of forged e-mails appearing to be sent from your domain. ; from source.cdi.ul.ie. No SPF/TXT Records Found

Collected Raw Data

DNS Responses Received From auth-ns1.ucd.ie.

source.cdi.ul.ie. 3600 IN A 193.1.101.122
cdi.ul.ie. 3600 IN NS source.cdi.ul.ie.

DNS Responses Received From source.cdi.ul.ie.

cdi.ul.ie. 14400 IN A 193.1.101.58
cdi.ul.ie. 86400 IN NS source.cdi.ul.ie.
cdi.ul.ie. 86400 IN NS mercury.ul.ie.
cdi.ul.ie. 14400 IN MX 0 cdi.ul.ie.

DNS Responses Received From mercury.ul.ie.

cdi.ul.ie. 14400 IN A 193.1.101.58
cdi.ul.ie. 14400 IN NS mercury.ul.ie.
cdi.ul.ie. 14400 IN NS source.cdi.ul.ie.
cdi.ul.ie. 14400 IN MX 0 cdi.ul.ie.

DNS Records Collected At Local Recursive

mercury.ul.ie. 3599 IN A 193.1.100.130
cdi.ul.ie. 14400 IN A 193.1.101.58

NS Inspection Results For source.cdi.ul.ie.

ip: 193.1.101.122
tcp: 1
axfr: 0
fpdns: ISC BIND 9.2.3rc1 -- 9.4.0a0  
recursion: 0
version.bind: 9.3.6-P1-RedHat-9.3.6-4.P1.el5
asn: 1213
response_time: 106 ms

NS Inspection Results For mercury.ul.ie.

ip: 193.1.100.130
tcp: 1
axfr: 0
fpdns: TIMEOUT  
recursion: 1
asn: 1213
response_time: 106.2 ms

Mailserver Inspection Results For cdi.ul.ie.

193.1.101.58 tcp_connect: "1"
193.1.101.58 PTR: ""
193.1.101.58 ssl_connect: "0"

...run another DNSCog dns report

Have feedback on DNSCog.com? Want to discuss your report results with other users?

Visit DynDNS community forum.