IP Tracker
Lookup, Trace, Track and Find IP Location online with free IP tracking & tracer
tools at IP-Tracker.org
DNS & IP Record Check for Twinstar.cz
This tool gives you a detailed overview of the DNS data retrieved for the requested domain, Twinstar.cz. For DNSSEC, use our separate DNSSEC check tool. It's not included in this test.
|
|
| DNS Group | DNS Check | DNS Record Type | DNS Data Information |
|---|---|---|---|
| PARENT | |||
| PASS | Missing Direct Parent check | OK. Your direct parent zone exists, SOA of parent zone cz is a.ns.nic.cz which is good. Some domains (usually third or fourth level domains, such as example.co.us or subdomain.example.co.us) do not have a direct parent zone ('co.us' in this example), which is legal but can cause confusion. | |
| FAIL | Glue at parent nameservers | The parent servers do not have glue for your nameserversdan.ns.cloudflare.com, lila.ns.cloudflare.com | |
| INFO | NS records at parent servers | Your NS record at parent servers are: These were obtained from a.ns.nic.cz. However these were obtained from authority section and not answer section. It is better if they were obtained from answer section. |
|
| PASS | DNS servers have A records | OK. All your DNS servers either have A records at the zone parent servers | |
| PASS | Parent nameservers have your nameservers listed | OK. When someone uses DNS to look up your domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you aren't listed there, you can't be found. But you are listed there. |
| DNS Group | DNS Status | DNS Record Type | DNS Data Information | |||||
|---|---|---|---|---|---|---|---|---|
| NS | ||||||||
| INFO | NS records at your nameservers | Your NS records at your nameservers are:
|
||||||
| PASS | Mismatched NS records | OK. NS records at all your nameservers are identical. | ||||||
| PASS | All nameservers respond | All your nameservers responding. | ||||||
| PASS | Recursive queries | None of your nameservers allow recursive queries | ||||||
| PASS | Zone Transfer | Zone transfer not allowed by any of your nameservers | ||||||
| PASS | No NS A records at nameservers | OK. Your nameservers do include corresponding A records when asked for your NS records. This ensures that your DNS servers know the A records corresponding to all your NS records. | ||||||
| PASS | Nameserver name validity | OK. All of the NS records that your nameservers report seem valid (no IPs or partial domain names). | ||||||
| PASS | Number of nameservers | You have 2 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7. | ||||||
| PASS | Lame nameservers | OK. All the nameservers listed at the parent servers answer authoritatively for your domain. | ||||||
| PASS | Missing (stealth) nameservers | You have no stealth servers. | ||||||
| PASS | Missing nameservers 2 | All nameservers listed at parent servers are listed as NS records at your nameservers | ||||||
| PASS | Same Glue | The A records (the GLUE) got from the parent zone check are the same as the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do according to the RFC. This DNS record tests only nameservers that are common at the parent and at your nameservers. | ||||||
| PASS | No CNAMEs for domain | OK. There are no CNAMEs for Twinstar.cz. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. | ||||||
| PASS | TCP Allowed | All your nameservers allow TCP connection | ||||||
| PASS | Stealth NS record leakage | Your DNS servers doesn't leak NS record in non-NS request. | ||||||
| PASS | Nameservers on separate class C's | OK. You have nameservers on different Class C (technically, /24) IP ranges. You must have nameservers at geographically and topologically dispersed locations. RFC2182 3.1 goes into more detail about secondary nameserver location. | ||||||
| PASS | All NS IPs public | OK. All of your NS records appear to use public IPs. If there were any private IPs, they would not be reachable, causing DNS delays. | ||||||
| FAIL | Glue for NS record | Your nameservers for your NS records didn't return the A records for the NS records. | ||||||
| DNS Group | DNS Status | DNS Record Type | DNS Data Information |
|---|---|---|---|
| SOA | |||
| INFO | SOA record | Your SOA record [TTL=1800] is: Primary Name server: dan.ns.cloudflare.com Hostmaster E-mail address: dns.cloudflare.com Serial #:2375506849 Refresh: 10000 Retry: 2400 Expire: 604800 Default: 1800 |
|
| PASS | SOA MNAME entry | SOA MNAME dan.ns.cloudflare.com is listed as a primary nameserver at your parent nameserver | |
| PASS | SOA RNAME entry | OK. Your SOA (Start of Authority) record states that your DNS contact E-mail address is: [email protected] (techie note: we have changed the initial '.' to an '@' for display purposes). | |
| PASS | NS agreement on SOA Serial # | OK. All your nameservers agree that your SOA serial number is 2009050102. That means that all your nameservers are using the same data (unless you have different sets of data with the same serial number, which would be very bad)! Note that the DNS report only checks the NS records listed at the parent servers (not any stealth servers). | |
| FAIL | SOA Serial | Your SOA serial number is: 2375506849. This doesn't appears to be in the recommended format of YYYYMMDDnn. | |
| INFO | SOA REFRESH | OK. Your SOA REFRESH interval is: 10000. RFC 1912 recommends 1200 to 43200 seconds, low (1200) if the data is volatile or 43200 (12 hours) if it's not. If you are using NOTIFY you can set for much higher values, for instance, 1 or more days (> 86400 seconds). | |
| WARN | SOA RETRY | OK. Your SOA RETRY interval is: 2400. Typical values would be 180 (3 minutes) to 900 (15 minutes) or higher. | |
| WARN | SOA EXPIRE | OK. Your SOA EXPIRE interval is: 604800 .RFC 1912 recommends 1209600 to 2419200 seconds (2-4 weeks) to allow for major outages of the zone master. | |
| PASS | SOA MINIMUM TTL | OK. Your SOA MINIMUM TTL is: 1800. That is OK |
| DNS Group | DNS Status | DNS Record Type | DNS Data Information |
|---|---|---|---|
| MX | |||
| PASS | MX Glue | MX record look up sends glue record which is good. | |
| PASS | MX records are not CNAMEs | OK. Looking up your MX record did not just return a CNAME. If an MX record query returns a CNAME, extra processing is required, and some mail servers may not be able to handle it. | |
| PASS | MX name validity | Good. We did not detect any invalid chars in hostnames for your MX records. | |
| PASS | MX is host name, not IP | OK. All of your MX records are host names (as opposed to IP addresses, which are not allowed in MX records). | |
| FAIL | Different MX records at nameservers | Looks like all your nameservers have the different set of MX records. nameserver lila.ns.cloudflare.com has Twinstar.cz:not found in nameserver dan.ns.cloudflare.com |
|
| PASS | MX Glues match | MX Glue returned by nameserver for MX record match with A record of MX hostname. | |
| PASS | Duplicate MX records | OK. You do not have any duplicate MX records (pointing to the same IP). Although technically valid, duplicate MX records can cause a lot of confusion, and waste resources. | |
| PASS | MX A lookups have no CNAMEs | OK. There appear to be no CNAMEs returned for A records lookups from your MX records (CNAMEs are prohibited in MX records, according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3). | |
| INFO | MX Record | Your 1 records: 10 Twinstar.cz [IP Address=] [TTL=300] |
|
| FAIL | Multiple MX records | You need to have multiple MX records so that if one is down or unreachable, the other(s) will be able to accept mail for you. | |
| FAIL | Reverse MX A records (PTR) | There are no A records for your MXs, can't test for reverse address. | |
| PASS | All MX IPs public | OK. All of your MX records appear to use public IPs. If there were any private IPs, they would not be reachable, causing slight mail delays, extra resource usage, and possibly bounced mail. |
| DNS Group | DNS Status | DNS Record Type | DNS Data Information |
|---|---|---|---|
| PASS | SPF record | google-site-verification=7BN2pdWaTrBuhw6M0vcuNO9r1s2mq7EBDjMICSxyPW8 v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; adkim=r; aspf=r; rf=afrf v=spf1 mx a ptr ip4:54.38.48.212/32 ip4:54.38.48.214 ip4:54.38.48.213 a:relay.twinstar-wow.com a:relay2.twinstar-wow.com -all domain sends mail through its MX servers this domain is used to send mail this domain sends email from following IP/Range: 54.38.48.212/32, 54.38.48.214, 54.38.48.213 |
|
| WARN | Sender ID record(spfv2.0) | SenderID framework not implemented | |
| PASS | Domain Key Test | v=spf1 mx a ptr ip4:54.38.48.212/32 ip4:54.38.48.214 ip4:54.38.48.213 a:relay.twinstar-wow.com a:relay2.twinstar-wow.com -all The interim sending domain policy this domain may sign some email with DomainKeys available under selectors |
|
| PASS | DMARC | google-site-verification=7BN2pdWaTrBuhw6M0vcuNO9r1s2mq7EBDjMICSxyPW8 | |
| PASS | DMARC | v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; adkim=r; aspf=r; rf=afrf | |
| PASS | DMARC | v=spf1 mx a ptr ip4:54.38.48.212/32 ip4:54.38.48.214 ip4:54.38.48.213 a:relay.twinstar-wow.com a:relay2.twinstar-wow.com -all |
| DNS Group | DNS Status | DNS Record Type | DNS Data Information |
|---|---|---|---|
| WWW | |||
| INFO | WWW A record | Your WWW A record is: www.Twinstar.cz. Resolved IP: 104.26.2.17 You have separate A record for www. WA & DA Score for www.Twinstar.cz |
|
| PASS | IPs are public | OK. All of your WWW IP addresses appear to be public IP addresses. | |
| PASS | HTTP Service | OK: We can connect to http service on port 80. | |
| INFO | Server | http service on port 80 returns server information as Cloudflare |
|
| PASS | Server Header | http response header returns information about server as: Cloudflare |
|
| PASS | Connection | http connection header return connection as: Close | |
| WARN | Secure Header HSTS | The server did not implement the HSTS (HTTP Strict Transport Security) policy. The header over the HTTPS connection was not found. | |
| PASS | Secure Header X-Frame-Options | XFO response header that protects against clickjacking is found as: SAMEORIGIN XFO enables content to be found or not within iframes via the browser. |
|
| PASS | Secure Header X-Content-Type-Options | The secure X-Content-Type-Options header is set as: Nosniff The browser must interpret the file exactly as it is specified in the Content-Type HTTP header |
|
| WARN | Secure Header Content-Security-Policy | CSP is not defined in the policy. The return secure header does not send any feedback that the CSP has been set | |
| WARN | Secure Header X-Permitted-Cross-Domain-Policies | X-Permitted-Cross-Domain-Policies was not found in the response header | |
| PASS | Secure Header Referrer-Policy | Referrer-Policy is found in response header as: Same-origin The Referrer-Policy HTTP header determines what information will be sent in the Referrer header. |
|
| INFO | Secure Header Clear-Site-Data | Clear-Site-Data was not found in the response header | |
| PASS | Secure Header Cross-Origin-Embedder-Policy | COEP response header is found in the HTTP request as: Require-corp COEP with express permission decides whether a document can be retrieved from multiple sources or not |
|
| PASS | Secure Header Cross-Origin-Opener-Policy | COOP response header is found in the HTTP request as: Same-origin COOP allows you to secure a document by not sharing its browsing context group with documents from multiple sources |
|
| PASS | Secure Header Cross-Origin-Resource-Policy | CORP policy is found in the response header as: Same-origin CORP specifies a policy that protects against certain requests for img and script elements and against XSSI (cross-site scripting injection) attacks. |
|
| PASS | Secure Header Cache-Control | Cache-Control policy header is found in HTTP responses as: Private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Cache-Control belongs to the security header group that contains instructions for cashing |
|
| PASS | Secure Header Permissions-Policy | Permissions-Policy header is found in the HTTP response. as: Accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() The Permissions-Policy header grants permission and controls who can access features |
|
| INFO | Secure Header Feature-Policy | Feature-Policy header was not found in the HTTP responses. | |
| INFO | Secure Header X-XSS-Protection (Deprecated) | X-XSS-Protection header was not found in the HTTP responses. | |
| INFO | Secure Header HTTP Public Key Pinning (Deprecated) | HPKP header was not found in the HTTP responses. | |
| INFO | Secure Header Expect-CT (Deprecated) | Expect-CT header was not found in the HTTP responses. | |
| PASS | SSL / HTTPS Protocol | Domain use encrypted SSL / HTTPS connection on port 443. View SSL Certificate: Twinstar.cz. |
|
| FAIL | IPv6 | Your domain has no IPv6 support |
- PASS - No issues found in the DNS record.
- FAIL - DNS record error was found that should be fixed.
- WARN - A minor issue was detected in the DNS record.
- INFO - Just informational data, no problems found.
Click below to copy URL to clipboard for easy sharing of results:
» DNS Domain Lookup Record Twinstar.cz »