Your IP Address: 38.107.179.212
Located near: -, - (US)
Home 
Learn More Automated Usage
Learn More Automated Usage
Automated Usage - API access to DNSreport and Spam Database lookupProgrammatic access to allow for high volume usage for our DNSreport tool and our Spam Database Lookup tool. How would I use Spam Database lookup data?The Spam Database Lookup tool allows the user to determine if their email server(s) are currently listed on any Real-time Blacklists (RBLs). RBLs are frequently used by receiving email servers to determine the reputation of a sending email server that has previously been identified as sending Spam. Email administrators include RBLs as a primary way to fight Spam. There are a number of ways to get listed on a RBL and it is a battle to fix the problem when you are listed. DNSstuff provides the Spam Database Lookup tool (link to spam db lookup tool indiv landing page) to allow for manual lookup of current listings, RBLalerts(link to rbl page) to proactively monitor the status of your servers, and now we provide an API to allow users to incorporate these lookups in your applications and systems. How would I use DNSreport data? The DNSreport API helps service providers better manage customer domains. ISPs and managed services companies can take advantage of the API to run constant domain checks that may affect their customers domain, email configuration and connectivity. DNSreport (link to indiv landing page) runs 55 real time tests against a domain and reports each test with a pass/warn/fail and mitigation steps if necessary. PRICING:Set up - $950 FAQsCan I use my own script instead of the API? Yes, you can use a script to pass an HTTP GET command to our webserver, which contains the parameters of the tool you intend to use, the result returned is that of a fully formatted HTML web page, therefore the format of the results is not guaranteed and is subject to change without notice (unlike the API). When you use your own script you would then need to parse the resulting output manually with a script of that extracts the desired information from our HTML return page. To use your own script, we will supply a token for you to use. Requests will be made in this format: http://www.dnsstuff.com/tools/.ch?=&=&token= Can I query WHOIS data? No, we restrict automated usage to access WHOIS data. Can I use automated usage for other DNSstuff tools? Yes Can CDATA tags before handing off to an XML parser? Yes APIs the detailHow does Spam DB lookup API work? We provide two APIs for using the Spam Database Lookup tool. One returns an XML stream and the other returns a simple text string. To obtain an XML stream of data you must send an HTTP GET with the following parameters:
An example HTTP GET string would look like this: GET /tools/ip4r.ch?ip=&token=&detail=9998 The validIP and validtoken would be replaced with the following; which IP they were interested in searching and their assigned token value. The detail 9998 requests the data be returned as XML. The XML returned is in the format (example with IP as 88.66.44.55):
This above example shows a report from only one RBL site. When the real report is run the Notes:
There are additional flags that can be sent to the Spam Database tool. These are:
An HTTP GET using these values would look like this: /tools/ip4r.ch?ip= In this example the timeout value is set to 2 seconds (or you could set the timeout to 2000). A value of 2500 would be 2.5 seconds. How does DNSreport API work? This API will return a XML-like data stream. We use the term XML-like as the current content of the returned data is not 100% properly formatted. Specifically one will notice that some data portions of return can contain HTML formatting marks and can confuse XML parsers. http://private.dnsstuff.com/tools/dnsreport.ch?domain=&token= Note: in order to execute this query you will need a valid token. We can supply a valid token for testing.
HTTP/1.1 200 OK
Server: RSP_WEBDNS
Date: Thu, 1 May 2008 18:04:55 GMT
Content-Type: text/html
Set-Cookie: ID=2f01a8c0000000; path=/; domain=.DNSstuff.com;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="TestResults.xsd">
DNSReport
Parent
Missing Direct Parent check
1
PASS
OK. Your direct parent zone exists, which is good. Some domains (usually
third or fourth level domains, such as example.co.us) do not have a direct
parent zone ('co.us' in this example), which is legal but can cause confusion.
DNSReport
Parent
NS records at parent servers
2
INFO
Your NS records at the parent servers are:
pdns1.ultradns.net.
[204.74.108.1] [TTL=172800] []
pdns2.ultradns.net. [204.74.109.1] [TTL=172800] []
pdns3.ultradns.org. [199.7.68.1 (NO GLUE)] []
pdns4.ultradns.org. [199.7.69.1 (NO GLUE)] []
pdns5.ultradns.info. [204.74.114.1 (NO GLUE)] []
pdns6.ultradns.co.uk. [204.74.115.1 (NO GLUE)] []
[These were obtained from j.gtld-servers.net]
DNSReport
Parent
Parent nameservers have your nameservers listed
3
PASS
OK. When someone uses DNS to look up your domain, the first step (if it doesn't
already know about your domain) is to go to the parent servers. If you aren't
listed there, you can't be found. But you are listed there.
DNSReport
Parent
Glue at parent nameservers
4
WARN
WARNING. The parent servers (I checked with j.gtld-servers.net.) are not
providing glue for all your nameservers. This means that they are supplying
the NS records (host.example.com), but not supplying the A records
(192.0.2.53), which can cause slightly slower connections, and may cause
incompatibilities with some non-RFC-compliant programs. This is perfectly
acceptable behavior per the RFCs. This will usually occur if your DNS
servers are not in the same TLD as your domain (for example, a DNS server
of "ns1.example.org" for the domain "example.com"). In this case, you can
speed up the connections slightly by having NS records that are in the
same TLD as your domain.
DNSReport
Parent
DNS servers have A records
5
PASS
OK. All your DNS servers either have A records at the zone parent
servers, or do not need them (if the DNS servers are on other TLDs).
A records are required for your hostnames to ensure that other DNS
servers can reach your DNS servers. Note that there will be
problems if your DNS servers do not have these same A records.
DNSReport
NS
NS records at your nameservers
6
INFO
Your NS records at your nameservers are:
pdns5.ultradns.info.
pdns4.ultradns.org.
pdns3.ultradns.org.
pdns2.ultradns.net.
pdns1.ultradns.net.
pdns6.ultradns.co.uk.
DNSReport
NS
Open DNS servers
7
PASS
OK. Your DNS servers do not announce that they are open DNS servers.
Although there is a slight chance that they really are open DNS servers,
this is very unlikely. Open DNS servers increase the chances that of
cache poisoning, can degrade performance of your DNS, and can cause your
DNS servers to be used in an attack (so it is good that your DNS servers
do not appear to be open DNS servers).
DNSReport
NS
Mismatched glue
8
PASS
OK. The DNS report did not detect any discrepancies between the glue
provided by the parent servers and that provided by your authoritative
DNS servers.
DNSReport
NS
No NS A records at nameservers
9
PASS
OK. Your nameservers do include corresponding A records when asked
for your NS records. This ensures that your DNS servers know the A
records corresponding to all your NS records.
DNSReport
NS
All nameservers report identical NS records
10
PASS
OK. The NS records at all your nameservers are identical.
DNSReport
NS
All nameservers respond
11
PASS
OK. All of your nameservers listed at the parent nameservers
responded.
DNSReport
NS
Nameserver name validity
12
PASS
OK. All of the NS records that your nameservers report seem valid (no IPs or partial
domain names).
DNSReport
NS
Number of nameservers
13
PASS
OK. You have 6 nameservers. You must have at least 2 nameservers (
href="http://www.DNSstuff.com/pages/rfc2182.htm">RFC2182 section 5
recommends at least 3 nameservers), and
preferably no more than 7.
DNSReport
NS
Lame nameservers
14
PASS
OK. All the nameservers listed at the parent servers answer authoritatively for your
domain.
DNSReport
NS
Missing (stealth) nameservers
15
PASS
OK. All 6 of your nameservers (as reported by your nameservers) are also listed at the
parent servers.
DNSReport
NS
Missing nameservers 2
16
PASS
OK. All of the nameservers listed at the parent nameservers are also listed as NS
records at your nameservers.
DNSReport
NS
No CNAMEs for domain
17
PASS
OK. There are no CNAMEs for crwdcntrl.net.
href="http://www.DNSstuff.com/pages/rfc1912.htm">RFC1912 2.4 and
href="/tools/rfc.ch?detail=2181">RFC2181 10.3 state that there should be no
CNAMEs if an NS (or any other) record is present.
DNSReport
NS
No NSs with CNAMEs
18
PASS
OK. There are no CNAMEs for your NS records.
href="http://www.DNSstuff.com/pages/rfc1912.htm">RFC1912 2.4 and
href="/tools/rfc.ch?detail=2181">RFC2181 10.3 state that there should be no
CNAMEs if an NS (or any other) record is present.
DNSReport
NS
Nameservers on separate class C's
19
PASS
OK. You have nameservers on different Class C (technically, /24) IP ranges.
You must have nameservers at geographically and topologically dispersed locations.
href="http://www.DNSstuff.com/pages/rfc2182.htm">RFC2182 3.1 goes into more detail
about secondary nameserver location.
DNSReport
NS
All NS IPs public
20
PASS
OK. All of your NS records appear to use public IPs. If there were any private IPs,
they would not be reachable, causing DNS delays.
DNSReport
NS
TCP Allowed
21
WARN
WARNING: One or more of your DNS servers does not accept TCP connections. Although
rarely used, TCP connections are occasionally used instead of UDP connections. When
firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems.
The problem servers are:
204.74.114.1: Timeout.
204.74.115.1: Timeout.
DNSReport
NS
Nameservers versions
23
INFO
Your nameservers have the following versions:
204.74.108.1: "UltraDNS
Resolver"
204.74.108.1: "UltraDNS (tm) by UltraDNS Corporation"
204.74.108.1:
"(this is not a 'bind' server)"
204.74.108.1: "http://www.ultradns.com/"
/>204.74.109.1: "UltraDNS Resolver"
204.74.109.1: "UltraDNS (tm) by UltraDNS
Corporation"
204.74.109.1: "(this is not a 'bind' server)"
204.74.109.1:
"http://www.ultradns.com/"
199.7.68.1: "UltraDNS Resolver"
199.7.68.1:
"UltraDNS (tm) by UltraDNS Corporation"
199.7.68.1: "(this is not a 'bind'
server)"
199.7.68.1: "http://www.ultradns.com/"
199.7.69.1: "UltraDNS
Resolver"
199.7.69.1: "UltraDNS (tm) by UltraDNS Corporation"
199.7.69.1: "(this
is not a 'bind' server)"
199.7.69.1: "http://www.ultradns.com/"
204.74.114.1:
"UltraDNS Resolver"
204.74.114.1: "UltraDNS (tm) by UltraDNS Corporation"
/>204.74.114.1: "(this is not a 'bind' server)"
204.74.114.1:
"http://www.ultradns.com/"
204.74.115.1: "UltraDNS Resolver"
204.74.115.1:
"UltraDNS (tm) by UltraDNS Corporation"
204.74.115.1: "(this is not a 'bind'
server)"
204.74.115.1: "http://www.ultradns.com/"
DNSReport
NS
Stealth NS record leakage
24
PASS
Your DNS servers do not leak any stealth NS records (if any) in non-NS
requests.
DNSReport
SOA
SOA record
25
INFO
Your SOA record [TTL=86400] is:
Primary nameserver: pdns1.ultradns.net.
Hostmaster E-mail address: netops.lotame.com.
Serial #: 2008040300
Refresh: 86400
Retry: 7200
Expire: 604800
Default TTL: 900
DNSReport
SOA
NS agreement on SOA Serial #
26
PASS
OK. All your nameservers agree that your SOA serial number is 2008040300. That means
that all your nameservers are using the same data (unless you have different sets of
data with the same serial number, which would be very bad)! Note that the DNSreport
only checks the NS records listed at the parent servers (not any stealth servers).
DNSReport
SOA
SOA MNAME Check
27
PASS
OK. Your SOA (Start of Authority) record states that your master (primary)
name server is: pdns1.ultradns.net.. That server is listed at the parent
servers, which is correct.
DNSReport
SOA
SOA RNAME Check
28
PASS
OK. Your SOA (Start of Authority) record states that your DNS contact
E-mail address is: netops@lotame.com. (techie note: we have changed
the initial '.' to an '@' for display purposes).
DNSReport
SOA
SOA Serial Number
29
PASS
OK. Your SOA serial number is: 2008040300. This appears to be in the
recommended format of YYYYMMDDnn, where 'nn' is the revision. So this
indicates that your DNS was last updated on 03 Apr 2008 (and was
revision #0). This number must be incremented every time you make a
DNS change.
DNSReport
SOA
SOA REFRESH value
30
WARN
WARNING: Your SOA REFRESH interval is : 86400 seconds. This seems high.
You should consider decreasing this value to about 3600-7200 seconds (or
higher, if using DNS NOTIFY). RFC1912 2.2 recommends a value between 1200 to
43200 seconds (20 minutes to 12 hours, with the longer time periods used
for very slow Internet connections), although some registrars may limit
you to 10000 seconds or higher, and if you are using DNS NOTIFY the
refresh value is not as important (RIPE recommend 86400 seconds if using
DNS NOTIFY). This value determines how often secondary/slave nameservers
check with the master for updates. A value that is too high will cause
DNS changes to be in limbo for a long time.
DNSReport
SOA
SOA RETRY value
31
PASS
OK. Your SOA RETRY interval is : 7200 seconds. This seems normal (about
120-7200 seconds is good). The retry value is the amount of time your
secondary/slave nameservers will wait to contact the master nameserver
again if the last attempt failed.
DNSReport
SOA
SOA EXPIRE value
32
PASS
OK. Your SOA EXPIRE time: 604800 seconds. This seems normal (about
1209600 to 2419200 seconds (2-4 weeks) is good). RFC1912 suggests
2-4 weeks. This is how long a secondary/slave nameserver will wait
before considering its DNS data stale if it can't reach the
primary nameserver.
DNSReport
SOA
SOA MINIMUM TTL value
33
PASS
OK. Your SOA MINIMUM TTL is: 900 seconds. This seems normal
(about 3,600 to 86400 seconds or 1-24 hours is good). RFC2308
suggests a value of 1-3 hours. This value used to determine the
default (technically, minimum) TTL (time-to-live) for DNS entries,
but now is used for negative caching.
DNSReport
MX
MX Category
34
FAIL
ERROR: I couldn't find any MX records for crwdcntrl.net. If you want
to receive E-mail on this domain, you should have MX record(s). Without
any MX records, mailservers should attempt to deliver mail to the A
record for crwdcntrl.net. I can't continue in a case like this, so
I'm assuming you don't receive mail on this domain.
DNSReport
Mail
Connect to mail servers
45
FAIL
ERROR: I could not find any mailservers for crwdcntrl.net.
DNSReport
WWW
WWW Record
53
INFO
Your www.crwdcntrl.net A record is:
www.crwdcntrl.net. CNAME
crwdcntrl.net. [TTL=86400]
crwdcntrl.net. A 72.32.168.198 [TTL=86400] []
DNSReport
WWW
All WWW IPs public
54
PASS
OK. All of your WWW IPs appear to be public IPs. If there were
any private IPs, they would not be reachable, causing problems
reaching your web site.
DNSReport
WWW
CNAME Lookup
55
PASS
OK. You do have a CNAME record for www.crwdcntrl.net, which can cause
some confusion. However, this is legal. Your CNAME entry also returns
the A record for the CNAME entry, which is good -- otherwise, it would
require an extra DNS lookup, which slightly delays the initial access
to the website and use extra bandwidth. Note that if the CNAME points
to another CNAME, it will likely cause problems.
DNSReport
WWW
Domain A Lookup
56
INFO
Your crwdcntrl.net A record is:
crwdcntrl.net. A 72.32.168.198 [TTL=86400]
HTTP/1.1 200 OK
Server: RSP_WEBDNS
Date: Thu, 1 May 2008 18:04:55 GMT
Content-Type: text/html
Set-Cookie: ID=2f01a8c0000000; path=/; domain=.DNSstuff.com;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="TestResults.xsd">
DNSReport
Parent
Missing Direct Parent check
1
PASS
OK. Your direct parent zone exists, which is good. Some domains
(usually third or fourth level domains, such as example.co.us)
do not have a direct parent zone ('co.us' in this example), which
is legal but can cause confusion.
DNSReport
Parent
NS records at parent servers
2
INFO
Your NS records at the parent servers are:
pdns1.ultradns.net.
[204.74.108.1] [TTL=172800] []
pdns2.ultradns.net. [204.74.109.1] [TTL=172800] []
pdns3.ultradns.org. [199.7.68.1 (NO GLUE)] []
pdns4.ultradns.org. [199.7.69.1 (NO GLUE)] []
pdns5.ultradns.info. [204.74.114.1 (NO GLUE)] []
pdns6.ultradns.co.uk. [204.74.115.1 (NO GLUE)] []
[These were obtained from j.gtld-servers.net]
DNSReport
Parent
Parent nameservers have your nameservers listed
3
PASS
OK. When someone uses DNS to look up your domain, the first step
(if it doesn't already know about your domain) is to go to the
parent servers. If you aren't listed there, you can't be
found. But you are listed there.
DNSReport
Parent
Glue at parent nameservers
4
WARN
WARNING. The parent servers (I checked with j.gtld-servers.net.) are
not providing glue for all your nameservers. This means that they
are supplying the NS records (host.example.com), but not supplying
the A records (192.0.2.53), which can cause slightly slower connections,
and may cause incompatibilities with some non-RFC-compliant programs.
This is perfectly acceptable behavior per the RFCs. This will usually
occur if your DNS servers are not in the same TLD as your domain
(for example, a DNS server of "ns1.example.org" for the domain
"example.com"). In this case, you can speed up the connections
slightly by having NS records that are in the same TLD as your domain.
DNSReport
Parent
DNS servers have A records
5
PASS
OK. All your DNS servers either have A records at the zone parent
servers, or do not need them (if the DNS servers are on other TLDs).
A records are required for your hostnames to ensure that other
DNS servers can reach your DNS servers. Note that there will be
problems if your DNS servers do not have these same A records.
DNSReport
NS
NS records at your nameservers
6
INFO
Your NS records at your nameservers are:
pdns5.ultradns.info.
pdns4.ultradns.org.
pdns3.ultradns.org.
pdns2.ultradns.net.
pdns1.ultradns.net.
pdns6.ultradns.co.uk.
DNSReport
NS
Open DNS servers
7
PASS
OK. Your DNS servers do not announce that they are open DNS servers.
Although there is a slight chance that they really are open DNS servers,
this is very unlikely. Open DNS servers increase the chances that of
cache poisoning, can degrade performance of your DNS, and can cause
your DNS servers to be used in an attack (so it is good that your
DNS servers do not appear to be open DNS servers).
DNSReport
NS
Mismatched glue
8
PASS
OK. The DNS report did not detect any discrepancies between the
glue provided by the parent servers and that provided by
your authoritative DNS servers.
DNSReport
NS
No NS A records at nameservers
9
PASS
OK. Your nameservers do include corresponding A records when
asked for your NS records. This ensures that your DNS servers know
the A records corresponding to all your NS records.
DNSReport
NS
All nameservers report identical NS records
10
PASS
OK. The NS records at all your nameservers are identical.
DNSReport
NS
All nameservers respond
11
PASS
OK. All of your nameservers listed at the parent nameservers
responded.
DNSReport
NS
Nameserver name validity
12
PASS
OK. All of the NS records that your nameservers report
seem valid (no IPs or partial domain names).
DNSReport
NS
Number of nameservers
13
PASS
OK. You have 6 nameservers. You must have at least 2 nameservers (
href="http://www.DNSstuff.com/pages/rfc2182.htm">RFC2182 section 5
recommends at least 3 nameservers), and preferably no more than 7.
DNSReport
NS
Lame nameservers
14
PASS
OK. All the nameservers listed at the parent servers answer
authoritatively for your domain.
DNSReport
NS
Missing (stealth) nameservers
15
PASS
OK. All 6 of your nameservers (as reported by your
nameservers) are also listed at the parent servers.
DNSReport
NS
Missing nameservers 2
16
PASS
OK. All of the nameservers listed at the parent
nameservers are also listed as NS records at your nameservers.
DNSReport
NS
No CNAMEs for domain
17
PASS
OK. There are no CNAMEs for crwdcntrl.net.
href="http://www.DNSstuff.com/pages/rfc1912.htm">RFC1912 2.4 and
href="/tools/rfc.ch?detail=2181">RFC2181 10.3 state that there
should be no CNAMEs if an NS (or any other) record is present.
DNSReport
NS
No NSs with CNAMEs
18
PASS
OK. There are no CNAMEs for your NS records.
href="http://www.DNSstuff.com/pages/rfc1912.htm">RFC1912 2.4
and href="/tools/rfc.ch?detail=2181">RFC2181 10.3 state that
there should be no CNAMEs if an NS (or any other) record is present.
DNSReport
NS
Nameservers on separate class C's
19
PASS
OK. You have nameservers on different Class C (technically, /24) IP ranges.
You must have nameservers at geographically and topologically dispersed locations.
href="http://www.DNSstuff.com/pages/rfc2182.htm">RFC2182 3.1 goes into more
detail about secondary nameserver location.
DNSReport
NS
All NS IPs public
20
PASS
OK. All of your NS records appear to use public IPs. If there were any private IPs,
they would not be reachable, causing DNS delays.
DNSReport
NS
TCP Allowed
21
WARN
WARNING: One or more of your DNS servers does not accept TCP connections. Although
rarely used, TCP connections are occasionally used instead of UDP connections. When
firewalls block the TCP DNS connections, it can cause hard-to-diagnose problems.
The problem servers are:
204.74.114.1: Timeout.
204.74.115.1: Timeout.
DNSReport
NS
Nameservers versions
23
INFO
Your nameservers have the following versions:
204.74.108.1: "UltraDNS
Resolver"
204.74.108.1: "UltraDNS (tm) by UltraDNS Corporation"
204.74.108.1:
"(this is not a 'bind' server)"
204.74.108.1: "http://www.ultradns.com/"
/>204.74.109.1: "UltraDNS Resolver"
204.74.109.1: "UltraDNS (tm) by UltraDNS
Corporation"
204.74.109.1: "(this is not a 'bind' server)"
204.74.109.1:
"http://www.ultradns.com/"
199.7.68.1: "UltraDNS Resolver"
199.7.68.1:
"UltraDNS (tm) by UltraDNS Corporation"
199.7.68.1: "(this is not a 'bind'
server)"
199.7.68.1: "http://www.ultradns.com/"
199.7.69.1: "UltraDNS
Resolver"
199.7.69.1: "UltraDNS (tm) by UltraDNS Corporation"
199.7.69.1: "(this
is not a 'bind' server)"
199.7.69.1: "http://www.ultradns.com/"
204.74.114.1:
"UltraDNS Resolver"
204.74.114.1: "UltraDNS (tm) by UltraDNS Corporation"
/>204.74.114.1: "(this is not a 'bind' server)"
204.74.114.1:
"http://www.ultradns.com/"
204.74.115.1: "UltraDNS Resolver"
204.74.115.1:
"UltraDNS (tm) by UltraDNS Corporation"
204.74.115.1: "(this is not a 'bind'
server)"
204.74.115.1: "http://www.ultradns.com/"
DNSReport
NS
Stealth NS record leakage
24
PASS
Your DNS servers do not leak any stealth NS records (if any) in non-NS
requests.
DNSReport
SOA
SOA record
25
INFO
Your SOA record [TTL=86400] is:
Primary nameserver: pdns1.ultradns.net.
Hostmaster E-mail address: netops.lotame.com.
Serial #: 2008040300
Refresh: 86400
Retry: 7200
Expire: 604800
Default TTL: 900
DNSReport
SOA
NS agreement on SOA Serial #
26
PASS
OK. All your nameservers agree that your SOA serial number is 2008040300.
That means that all your nameservers are using the same data (unless you
have different sets of data with the same serial number, which would be
very bad)! Note that the DNSreport only checks the NS records listed at
the parent servers (not any stealth servers).
DNSReport
SOA
SOA MNAME Check
27
PASS
OK. Your SOA (Start of Authority) record states that your master
(primary) name server is: pdns1.ultradns.net.. That server is listed at
the parent servers, which is correct.
DNSReport
SOA
SOA RNAME Check
28
PASS
OK. Your SOA (Start of Authority) record states that your DNS
contact E-mail address is: netops@lotame.com. (techie note: we have
changed the initial '.' to an '@' for display purposes).
DNSReport
SOA
SOA Serial Number
29
PASS
OK. Your SOA serial number is: 2008040300. This appears to be in the
recommended format of YYYYMMDDnn, where 'nn' is the revision. So this
indicates that your DNS was last updated on 03 Apr 2008 (and was
revision #0). This number must be incremented every time you make a
DNS change.
DNSReport
SOA
SOA REFRESH value
30
WARN
WARNING: Your SOA REFRESH interval is : 86400 seconds. This seems
high. You should consider decreasing this value to about 3600-7200
seconds (or higher, if using DNS NOTIFY). RFC1912 2.2 recommends a
value between 1200 to 43200 seconds (20 minutes to 12 hours, with
the longer time periods used for very slow Internet connections),
and if you are using DNS NOTIFY the refresh value is not as important
(RIPE recommend 86400 seconds if using DNS NOTIFY). This value determines
how often secondary/slave nameservers check with the master for updates.
A value that is too high will cause DNS changes to be in limbo for
a long time.
DNSReport
SOA
SOA RETRY value
31
PASS
OK. Your SOA RETRY interval is : 7200 seconds. This seems normal (about
120-7200 seconds is good). The retry value is the amount of time your
secondary/slave nameservers will wait to contact the master nameserver
again if the last attempt failed.
DNSReport
SOA
SOA EXPIRE value
32
PASS
OK. Your SOA EXPIRE time: 604800 seconds. This seems normal (about 1209600 to
2419200 seconds (2-4 weeks) is good). RFC1912 suggests 2-4 weeks. This is how
long a secondary/slave nameserver will wait before considering its DNS data
stale if it can't reach the primary nameserver.
DNSReport
SOA
SOA MINIMUM TTL value
33
PASS
OK. Your SOA MINIMUM TTL is: 900 seconds. This seems normal (about 3,600 to
86400 seconds or 1-24 hours is good). RFC2308 suggests a value of 1-3 hours.
This value used to determine the default (technically, minimum) TTL
(time-to-live) for DNS entries, but now is used for negative caching.
DNSReport
MX
MX Category
34
FAIL
ERROR: I couldn't find any MX records for crwdcntrl.net. If you want to receive
E-mail on this domain, you should have MX record(s). Without any MX records,
mailservers should attempt to deliver mail to the A record for crwdcntrl.net.
I can't continue in a case like this, so I'm assuming you don't receive
mail on this domain.
DNSReport
Mail
Connect to mail servers
45
FAIL
ERROR: I could not find any mailservers for crwdcntrl.net.
DNSReport
WWW
WWW Record
53
INFO
Your www.crwdcntrl.net A record is:
www.crwdcntrl.net. CNAME
crwdcntrl.net. [TTL=86400]
crwdcntrl.net. A 72.32.168.198 [TTL=86400] []
DNSReport
WWW
All WWW IPs public
54
PASS
OK. All of your WWW IPs appear to be public IPs. If there were any private IPs, they
would not be reachable, causing problems reaching your web site.
DNSReport
WWW
CNAME Lookup
55
PASS
OK. You do have a CNAME record for www.crwdcntrl.net, which can
cause some confusion. However, this is legal. Your CNAME entry also returns
the A record for the CNAME entry, which is good -- otherwise, it would require
an extra DNS lookup, which slightly delays the initial access to the website and
use extra bandwidth. Note that if the CNAME points to another CNAME, it will
likely cause problems.
DNSReport
WWW
Domain A Lookup
56
INFO
Your crwdcntrl.net A record is:
crwdcntrl.net. A 72.32.168.198 [TTL=86400]
|
DNSstuff.com | 3711 South MoPac Expressway | Building Two | Austin, Texas 78746
Technical Support Hours: Monday - Friday | 9 AM - 6 PM EST
© Copyright 2003-2012 SolarWinds. All Rights Reserved