Total Tests: 34
Passed: 27
Critical Issues: 2
| Nameserver | IPv4 | IPv6 | Zone match |
|---|---|---|---|
| ns1.beget.ru | 5.101.159.11 | - | match |
| ns1.beget.pro | 5.101.159.11 | - | match |
| ns1.beget.com | 5.101.159.11 | - | match |
| ns2.beget.ru | 185.50.27.12 | - | match |
| ns2.beget.com | 185.50.27.12 | - | match |
| ns2.beget.pro | 185.50.27.12 | - | match |
Information provided by f.dns.ripn.net
Note: The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution.
| Status | Test name | Information |
|---|---|---|
Authoritative Nameservers | These nameservers are responsible for answering queries about your domain. 6 records: ns1.beget.ru, ns1.beget.pro, ns1.beget.com, ns2.beget.ru, ns2.beget.com, ns2.beget.pro. Source: This information was kindly provided by f.dns.ripn.net | |
TLD Delegation Check | Error: Could not verify proper TLD delegation. The parent nameserver f.dns.ripn.net did not return NS records for your domain. This could indicate a delegation issue that needs to be resolved with your domain registrar. | |
Nameservers Listed at Parent | Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution. | |
Glue Records from Parent | Information provided by f.dns.ripn.net. Nameserver IPv4 addresses: ns1.beget.ru 5.101.159.11; ns1.beget.pro 5.101.159.11; ns1.beget.com 5.101.159.11; ns2.beget.ru 185.50.27.12; ns2.beget.com 185.50.27.12; ns2.beget.pro 185.50.27.12. Note: The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution. |
| Status | Test name | Information |
|---|---|---|
Nameserver Records from Zone | ns1.beget.ru: IPv4 5.101.159.11, Authoritative, Non-Recursive, TCP, UDP, TTL: 345,600s (4 days); ns2.beget.pro: IPv4 185.50.27.12, Authoritative, Non-Recursive, TCP, UDP, TTL: 345,600s (4 days); ns1.beget.pro: IPv4 5.101.159.11, Authoritative, Non-Recursive, TCP, UDP, TTL: 345,600s (4 days); ns2.beget.com: IPv4 185.50.27.12, Authoritative, Non-Recursive, TCP, UDP, TTL: 345,600s (4 days); ns1.beget.com: IPv4 5.101.159.11, Authoritative, Non-Recursive, TCP, UDP, TTL: 345,600s (4 days); ns2.beget.ru: IPv4 185.50.27.12, Authoritative, Non-Recursive, TCP, UDP, TTL: 345,600s (4 days) | |
Open Recursive Queries | Good. No nameservers allow recursive queries. | |
Glue Record Consistency | The GLUE records from the parent zone match those from your nameservers. This is important for consistent DNS resolution. | |
Missing Glue for NS Records | Note: Your nameservers are not under your domain, so additional glue records are not required. | |
Mismatched NS records | Good. The NS records at all your nameservers are identical. | |
DNS servers responded | Good. All nameservers listed at the parent server responded. | |
Name of nameservers are valid | All NS records appear to be valid hostnames. | |
Nameserver Redundancy Check | You have 6 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability. | |
Lame Delegation Check | Good. All nameservers are answering authoritatively for your domain. | |
Parent Missing Nameservers | Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6. | |
Zone Missing Nameservers | Good. All parent-listed nameservers are reported by your nameservers, as required by RFC1034 section 3.6. | |
CNAMEs at Apex Check | Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3. | |
NS IP Subnet Diversity | Found 6 pair(s) of nameserver IPs in the same /16 subnet. For better redundancy, consider using nameservers on different subnets as recommended by RFC2182 section 5. Affected pairs: 5.101.159.11 and 5.101.159.11, 5.101.159.11 and 5.101.159.11, 185.50.27.12 and 185.50.27.12, 185.50.27.12 and 185.50.27.12, 5.101.159.11 and 5.101.159.11, 185.50.27.12 and 185.50.27.12. Note: providers using anycast may have geographic redundancy despite shared subnets. | |
NS IP Public Accessibility | Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035. | |
DNS servers allow TCP connection | Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035. | |
DNS servers allow UDP connection | Good. All DNS servers allow UDP connections, which is required for standard DNS queries. | |
NS AS Diversity Check | Good. Your nameservers appear to be on different networks, providing better redundancy. | |
Stealth Nameserver Check | Good. All nameservers in your zone are properly registered at the parent. This ensures consistent DNS resolution for all users. |
| Status | Test name | Information |
|---|---|---|
SOA record | Primary Nameserver: ns1.beget.com. Hostmaster Email: hostmaster.beget.com. Serial Number: 1776388938, Non-Standard (Unix Timestamp); a unique version number that changes whenever the zone file is updated. Time intervals: Refresh 300 seconds (5 minutes), how often secondary nameservers check for updates (20m - 24h); Retry 600 seconds (10 minutes), how long to wait before retrying a failed zone transfer (2m - 2h); Expire 86400 seconds (1 days), how long secondary servers serve stale zone data (1w - 4w); TTL 300 seconds (5 minutes), default time-to-live for resource records (5m - 24h). | |
SOA Serial Consistency | SOA Serial numbers per nameserver:
ns1.beget.ru: 1776388938
ns2.beget.pro: 1776388938
ns1.beget.pro: 1776388938
ns2.beget.com: 1776388938
ns1.beget.com: 1776388938
ns2.beget.ru: 1776388938
Good. All nameservers report the same SOA serial number. | |
SOA MNAME entry | OK. ns1.beget.com is correctly listed as one of your nameservers. | |
SOA Serial | Your SOA serial number is: 1776388938. | |
SOA REFRESH | Warning: SOA REFRESH interval is 300 seconds (5 minutes). This is below the recommended minimum of 1200 seconds as per RFC1912 section 2.2. | |
SOA RETRY | Warning: SOA RETRY value (600 seconds) is higher than refresh (300 seconds). According to RFC1912 section 2.2, retry should be less than refresh to prevent unnecessary zone transfer attempts. | |
SOA EXPIRE | Current expire time is 86400 seconds (1 days).
Warning: Common practice recommends a minimum of 14 days (1209600 seconds) to ensure secondary servers can continue serving during extended outages. | |
SOA MINIMUM TTL | OK. Your SOA MINIMUM TTL is: 300 seconds (5 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4. |
| Status | Test name | Information |
|---|---|---|
A Record Configuration | IPv4 configuration: single IPv4 address configuration. IPv4 address: 158.160.228.46, TTL: 600s. Provides a good balance between propagation speed and DNS load. | |
A Record TTL | TTL of 600 seconds provides a good balance between propagation speed and DNS load. |
| Status | Test name | Information |
|---|---|---|
IPv6 Support | No AAAA (IPv6) records found. While not required, IPv6 support is recommended for future-proofing your domain and improving accessibility for IPv6 users. |
| Status | Test name | Information |
|---|---|---|
MX Analysis | MX analysis was skipped due to time constraints. The analysis took longer than expected, likely due to slow or unreachable nameservers. |
| Status | Test name | Information |
|---|---|---|
WWW Configuration | WWW record type: A. www. A Record, IPv4 Addresses: 45.141.76.14. Recommendation: Consider using a CNAME record for better flexibility. |
| Status | Test name | Information |
|---|---|---|
DNSSEC | DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
• DNSKEY query failed with SERVFAIL
• DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider. | |
Zone Transfer | Zone transfer (AXFR) is properly restricted. Tested 6 nameservers - all refused the transfer request.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr | |
Wildcard DNS | Good. Tested notrealdnschkr.collectorsshop.ru - No wildcard DNS records found, ensuring random subdomains won't resolve to an IP address. | |
NXDOMAIN Response | Good. Tested notrealdnschkr.collectorsshop.ru - Server returns NXDOMAIN for non-existent domains. While an SOA record is recommended, NXDOMAIN alone is a valid response. | |
CAA Records | No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain. | |
Subdomain Takeover | Checked 8 common subdomains. Found 1 CNAME record - all targets resolve correctly. No dangling CNAME risk detected.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover |
| Status | Test name | Information |
|---|---|---|
TXT Records | Showing 1 of 1 record: v=spf1 include:_spf.yandex.ru include:beget.com ~all | |
SPF Record | Found SPF record: v=spf1 include:_spf.yandex.ru include:beget.com ~all | |
DMARC Record | No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security. |