DNS Records for
getsmartermarketing.com
๐ Hunting for rogue glue records.
DNS Records forgetsmartermarketing.com
Domain DNS Health Score
88%
Total Tests
41
Passed
36
Critical Issues
1
Top Recommendations:
First-Visit DNS
~65ms
Good
Returning Visit
~0ms
Fully cached
CNAME Depth
2 hops
Optimal
TTL Strategy
Balanced
TTL values are well-balanced across record types
DNS Provider
DNS Provider
Avg NS Response
0ms
Fast
These nameservers are responsible for answering queries about your domain
2 Records
ns1.namebrightdns.com
ns2.namebrightdns.com
Source: This information was kindly provided by j.gtld-servers.net ๐๐ผ
Good. j.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated.
Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution.
Glue Records from Parent Server
Information provided by j.gtld-servers.net
ns1.namebrightdns.com
Nameserver
IPv4 Addresses:
18.209.99.93.87.120.12154.221.97.121IPv6 Addresses:
2600:1f18:683a:ae1a:941d:603c:10ae:a55b2600:1f18:683a:ae1a:b388:33d7:6b80:b8692600:1f18:683a:ae1b:76c:f6ba:3590:e4292600:1f18:683a:ae1b:852a:590e:7ebc:38bfns2.namebrightdns.com
Nameserver
IPv4 Addresses:
54.211.194.6554.221.2.15IPv6 Addresses:
2600:1f18:683a:ae1b:bf91:b34b:ccd0:1e3cNote:
The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution.
| Status | Test name | Information |
|---|---|---|
Authoritative Nameservers | These nameservers are responsible for answering queries about your domain 2 Records ns1.namebrightdns.comns2.namebrightdns.comSource: This information was kindly provided by j.gtld-servers.net ๐๐ผ | |
TLD Delegation Check | Good. j.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated. | |
Nameservers Listed at Parent | Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution. | |
Glue Records from Parent | Glue Records from Parent ServerInformation provided by j.gtld-servers.net ns1.namebrightdns.comNameserver IPv4 Addresses: 18.209.99.93.87.120.12154.221.97.121IPv6 Addresses: 2600:1f18:683a:ae1a:941d:603c:10ae:a55b2600:1f18:683a:ae1a:b388:33d7:6b80:b8692600:1f18:683a:ae1b:76c:f6ba:3590:e4292600:1f18:683a:ae1b:852a:590e:7ebc:38bfns2.namebrightdns.comNameserver IPv4 Addresses: 54.211.194.6554.221.2.15IPv6 Addresses: 2600:1f18:683a:ae1b:bf91:b34b:ccd0:1e3cNote: The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution. |
ns2.namebrightdns.com
IPv4 Addresses
54.221.2.15
54.211.194.65
IPv6 Addresses
2600:1f18:683a:ae1b:bf91:b34b:ccd0:1e3c
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
ns1.namebrightdns.com
IPv4 Addresses
18.209.99.9
54.221.97.121
3.87.120.121
IPv6 Addresses
2600:1f18:683a:ae1a:b388:33d7:6b80:b869
2600:1f18:683a:ae1b:76c:f6ba:3590:e429
2600:1f18:683a:ae1a:941d:603c:10ae:a55b
2600:1f18:683a:ae1b:852a:590e:7ebc:38bf
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
Good. No nameservers allow recursive queries.
The GLUE records from the parent zone match those from your nameservers. This is important for consistent DNS resolution.
Note: Your nameservers are not under your domain, so additional glue records are not required.
Good. The NS records at all your nameservers are identical.
Good. All nameservers listed at the parent server responded.
All NS records appear to be valid hostnames.
You have 2 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability.
Good. All nameservers are answering authoritatively for your domain.
Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6.
Good. All parent-listed nameservers are reported by your nameservers, as required by RFC1034 section 3.6.
Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3.
Warning
Found 1 pair(s) of nameserver IPs in the same /16 subnet. For better redundancy, consider using nameservers on different subnets as recommended by RFC2182 section 5. Affected pairs: 54.221.2.15 and 54.221.97.121. Note: providers using anycast may have geographic redundancy despite shared subnets.
Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035.
Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035.
Good. All DNS servers allow UDP connections, which is required for standard DNS queries.
Good. Your nameservers appear to be on different networks, providing better redundancy.
Good. All nameservers in your zone are properly registered at the parent. This ensures consistent DNS resolution for all users.
| Status | Test name | Information |
|---|---|---|
Nameserver Records from Zone | ns2.namebrightdns.comIPv4 Addresses 54.221.2.15 54.211.194.65 IPv6 Addresses 2600:1f18:683a:ae1b:bf91:b34b:ccd0:1e3c Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) ns1.namebrightdns.comIPv4 Addresses 18.209.99.9 54.221.97.121 3.87.120.121 IPv6 Addresses 2600:1f18:683a:ae1a:b388:33d7:6b80:b869 2600:1f18:683a:ae1b:76c:f6ba:3590:e429 2600:1f18:683a:ae1a:941d:603c:10ae:a55b 2600:1f18:683a:ae1b:852a:590e:7ebc:38bf Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) | |
Open Recursive Queries | Good. No nameservers allow recursive queries. | |
Glue Record Consistency | The GLUE records from the parent zone match those from your nameservers. This is important for consistent DNS resolution. | |
Missing Glue for NS Records | Note: Your nameservers are not under your domain, so additional glue records are not required. | |
Mismatched NS records | Good. The NS records at all your nameservers are identical. | |
DNS servers responded | Good. All nameservers listed at the parent server responded. | |
Name of nameservers are valid | All NS records appear to be valid hostnames. | |
Nameserver Redundancy Check | You have 2 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability. | |
Lame Delegation Check | Good. All nameservers are answering authoritatively for your domain. | |
Parent Missing Nameservers | Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6. | |
Zone Missing Nameservers | Good. All parent-listed nameservers are reported by your nameservers, as required by RFC1034 section 3.6. | |
CNAMEs at Apex Check | Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3. | |
NS IP Subnet Diversity | Found 1 pair(s) of nameserver IPs in the same /16 subnet. For better redundancy, consider using nameservers on different subnets as recommended by RFC2182 section 5. Affected pairs: 54.221.2.15 and 54.221.97.121. Note: providers using anycast may have geographic redundancy despite shared subnets. | |
NS IP Public Accessibility | Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035. | |
DNS servers allow TCP connection | Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035. | |
DNS servers allow UDP connection | Good. All DNS servers allow UDP connections, which is required for standard DNS queries. | |
NS AS Diversity Check | Good. Your nameservers appear to be on different networks, providing better redundancy. | |
Stealth Nameserver Check | Good. All nameservers in your zone are properly registered at the parent. This ensures consistent DNS resolution for all users. |
Info
Primary Nameserver
ns1.namebrightdns.com
Hostmaster Email
dns.namebright.com
Serial Number
2026041101
Recently Updated (Standard Format)
A unique version number that changes whenever the zone file is updated
Time Intervals
Refresh28800 seconds (8 hours)
How often secondary nameservers check for updates (20m - 24h)
Retry5000 seconds (1 hours)
How long to wait before retrying a failed zone transfer (2m - 2h)
Expire1209600 seconds (14 days)
How long secondary servers serve stale zone data (1w - 4w)
TTL10800 seconds (3 hours)
Default time-to-live for resource records (5m - 24h)
SOA Serial numbers per nameserver:
ns2.namebrightdns.com: 2026041101
ns1.namebrightdns.com: 2026041101
Good. All nameservers report the same SOA serial number.
Pass
OK. ns1.namebrightdns.com is correctly listed as one of your nameservers.
Info
Your SOA serial number is: 2026041101.
Pass
OK. Your SOA REFRESH interval is: 28800 seconds (480 minutes). This is within the recommended range of 1200-43200 seconds as per RFC1912 section 2.2.
Pass
OK. Your SOA RETRY value is: 5000 seconds (83 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2.
Pass
Current expire time is 1209600 seconds (14 days).
Pass
OK. Your SOA MINIMUM TTL is: 10800 seconds (180 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4.
| Status | Test name | Information |
|---|---|---|
SOA record | Primary Nameserverns1.namebrightdns.com Hostmaster Emaildns.namebright.com Serial Number 2026041101 Recently Updated (Standard Format) A unique version number that changes whenever the zone file is updated Time IntervalsRefresh28800 seconds (8 hours) How often secondary nameservers check for updates (20m - 24h) Retry5000 seconds (1 hours) How long to wait before retrying a failed zone transfer (2m - 2h) Expire1209600 seconds (14 days) How long secondary servers serve stale zone data (1w - 4w) TTL10800 seconds (3 hours) Default time-to-live for resource records (5m - 24h) | |
SOA Serial Consistency | SOA Serial numbers per nameserver:
ns2.namebrightdns.com: 2026041101
ns1.namebrightdns.com: 2026041101
Good. All nameservers report the same SOA serial number. | |
SOA MNAME entry | OK. ns1.namebrightdns.com is correctly listed as one of your nameservers. | |
SOA Serial | Your SOA serial number is: 2026041101. | |
SOA REFRESH | OK. Your SOA REFRESH interval is: 28800 seconds (480 minutes). This is within the recommended range of 1200-43200 seconds as per RFC1912 section 2.2. | |
SOA RETRY | OK. Your SOA RETRY value is: 5000 seconds (83 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2. | |
SOA EXPIRE | Current expire time is 1209600 seconds (14 days). | |
SOA MINIMUM TTL | OK. Your SOA MINIMUM TTL is: 10800 seconds (180 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4. |
IPv4 Configuration
Your domain is using AWS's infrastructure for content delivery and security
IPv4 Addresses
54.165.131.18352.44.244.98Configuration Benefits
Global content delivery
Content served from edge locations worldwide
DDoS protection
Built-in protection against distributed denial-of-service attacks
Load balancing
Intelligent traffic distribution across global network
Automatic failover
Seamless switching to healthy servers during outages
TTL: 10800s
Provides a good balance between propagation speed and DNS loadPass
TTL of 10800 seconds provides a good balance between propagation speed and DNS load.
| Status | Test name | Information |
|---|---|---|
A Record Configuration | IPv4 ConfigurationYour domain is using AWS's infrastructure for content delivery and security IPv4 Addresses 54.165.131.18352.44.244.98Configuration Benefits Global content delivery Content served from edge locations worldwide DDoS protection Built-in protection against distributed denial-of-service attacks Load balancing Intelligent traffic distribution across global network Automatic failover Seamless switching to healthy servers during outages TTL: 10800s Provides a good balance between propagation speed and DNS load | |
A Record TTL | TTL of 10800 seconds provides a good balance between propagation speed and DNS load. |
IPv6 Configuration
Your domain is using AWS's infrastructure for content delivery and security
IPv6 Addresses
2600:1f18:4ae:c607:d1d9:565f:b122:bfdb2600:1f18:4ae:c608:83f8:2f9c:4a61:7b6aTTL: 5217s
Provides a good balance between propagation speed and DNS load| Status | Test name | Information |
|---|---|---|
IPv6 Configuration | IPv6 ConfigurationYour domain is using AWS's infrastructure for content delivery and security IPv6 Addresses 2600:1f18:4ae:c607:d1d9:565f:b122:bfdb2600:1f18:4ae:c608:83f8:2f9c:4a61:7b6aTTL: 5217s Provides a good balance between propagation speed and DNS load |
All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery.
Mail Exchange Configuration
| Priority | Mail Server | Actions |
|---|---|---|
10 | mail1.namebrightmail.com | |
10 | mail2.namebrightmail.com |
All mail server hostnames are properly formatted.
All mail servers use public IP addresses, ensuring global email delivery.
Pass
Mail servers are properly configured without CNAME records.
Pass
Each mail server has unique IP addresses, indicating proper distribution of mail handling.
Reverse DNS Records
All Valid
| PTR Query | Hostname |
|---|---|
26.35.35.66.in-addr.arpa | mail1.namebrightmail.com |
28.35.35.66.in-addr.arpa | mail2.namebrightmail.com |
Proper reverse DNS records are essential for email deliverability. Mail servers often check if sending IPs have matching PTR records.
| Status | Test name | Information | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Mail Server Consistency | All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery. | ||||||||||
Mail Server Configuration | Mail Exchange Configuration
| ||||||||||
Mail Server Hostname Validation | All mail server hostnames are properly formatted. | ||||||||||
Public IP Validation | All mail servers use public IP addresses, ensuring global email delivery. | ||||||||||
CNAME Validation | Mail servers are properly configured without CNAME records. | ||||||||||
IP Uniqueness | Each mail server has unique IP addresses, indicating proper distribution of mail handling. | ||||||||||
Reverse DNS Records | Reverse DNS RecordsAll Valid
Proper reverse DNS records are essential for email deliverability. Mail servers often check if sending IPs have matching PTR records. |
WWW record type: CNAME
www.
CNAME Record
comingsoon.namebright.com
Resolves To
IPv4 Resolution
54.165.131.18352.44.244.98IPv6 Resolution
2600:1f18:4ae:c607:d1d9:565f:b122:bfdb2600:1f18:4ae:c608:83f8:2f9c:4a61:7b6a| Status | Test name | Information |
|---|---|---|
WWW Configuration | WWW record type: CNAME www. CNAME Record comingsoon.namebright.com Resolves To IPv4 Resolution 54.165.131.18352.44.244.98IPv6 Resolution 2600:1f18:4ae:c607:d1d9:565f:b122:bfdb2600:1f18:4ae:c608:83f8:2f9c:4a61:7b6a |
Error
DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider.
Pass
Zone transfer (AXFR) is properly restricted. Tested 2 nameservers โ all refused the transfer request.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr
Warning
Warning: Wildcard DNS records found. This means any subdomain will resolve to an IP address, which could pose security risks.
Warning
Warning: Server does not return NXDOMAIN for non-existent domains. This could indicate misconfiguration or intentional wildcard records.
Info
No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain.
Checked 8 common subdomains. Found 8 CNAME records โ all targets resolve correctly. No dangling CNAME risk detected.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover
| Status | Test name | Information |
|---|---|---|
DNSSEC | DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider. | |
Zone Transfer | Zone transfer (AXFR) is properly restricted. Tested 2 nameservers โ all refused the transfer request.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr | |
Wildcard DNS | Warning: Wildcard DNS records found. This means any subdomain will resolve to an IP address, which could pose security risks. | |
NXDOMAIN Response | Warning: Server does not return NXDOMAIN for non-existent domains. This could indicate misconfiguration or intentional wildcard records. | |
CAA Records | No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain. | |
Subdomain Takeover | Checked 8 common subdomains. Found 8 CNAME records โ all targets resolve correctly. No dangling CNAME risk detected.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover |
Info
Click any row to copy the raw value
google-site-verification | YourUniqueGoogleVerificationCode |
v | spf1 a:smtpout1.namebrightmail.com a:smtpout2.namebrightmail.com include:namebrightmail.com -all |
Showing 2 of 2 records
Pass
Found SPF record: v=spf1 a:smtpout1.namebrightmail.com a:smtpout2.namebrightmail.com include:namebrightmail.com -all
Warning
No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security.
Click any row to copy the raw value
google-site-verification | YourUniqueGoogleVerificationCode |
Showing 1 of 1 record
| Status | Test name | Information | ||||||
|---|---|---|---|---|---|---|---|---|
TXT Records | Click any row to copy the raw value
Showing 2 of 2 records | |||||||
SPF Record | Found SPF record: v=spf1 a:smtpout1.namebrightmail.com a:smtpout2.namebrightmail.com include:namebrightmail.com -all | |||||||
DMARC Record | No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security. | |||||||
Domain Verification | Click any row to copy the raw value
Showing 1 of 1 record |