DNS Records for
google.com
๐ Hunting for rogue glue records.
DNS Records forgoogle.com
Domain DNS Health Score
100%
Total Tests
28
Passed
28
Critical Issues
0
First-Visit DNS
~35ms
Excellent
Returning Visit
~15ms
Partial re-query
CNAME Depth
None
Optimal
TTL Strategy
Needs Attention
1 record type has suboptimal TTL values
DNS Provider
Google Cloud DNS
Global Anycast
Avg NS Response
4ms
Fast
These nameservers are responsible for answering queries about your domain
4 Records
ns2.google.com
ns1.google.com
ns3.google.com
ns4.google.com
Google Cloud DNS
Your domain uses Google Cloud DNS, offering a reliable, resilient, and low-latency DNS service backed by Google's global infrastructure.
Source: This information was kindly provided by k.gtld-servers.net ๐๐ผ
Good. k.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated.
Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution.
Glue Records from Parent Server
Information provided by k.gtld-servers.net
ns2.google.com
Nameserver
IPv4 Addresses:
216.239.34.10IPv6 Addresses:
2001:4860:4802:34::ans1.google.com
Nameserver
IPv4 Addresses:
216.239.32.10IPv6 Addresses:
2001:4860:4802:32::ans3.google.com
Nameserver
IPv4 Addresses:
216.239.36.10IPv6 Addresses:
2001:4860:4802:36::ans4.google.com
Nameserver
IPv4 Addresses:
216.239.38.10IPv6 Addresses:
2001:4860:4802:38::aNote:
Glue records are required for these nameservers since they are under your domain. This prevents circular dependencies in DNS resolution.
| Status | Test name | Information |
|---|---|---|
Authoritative Nameservers | These nameservers are responsible for answering queries about your domain 4 Records ns2.google.comns1.google.comns3.google.comns4.google.comGoogle Cloud DNSYour domain uses Google Cloud DNS, offering a reliable, resilient, and low-latency DNS service backed by Google's global infrastructure. Source: This information was kindly provided by k.gtld-servers.net ๐๐ผ | |
TLD Delegation Check | Good. k.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated. | |
Nameservers Listed at Parent | Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution. | |
Glue Records from Parent | Glue Records from Parent ServerInformation provided by k.gtld-servers.net ns2.google.comNameserver IPv4 Addresses: 216.239.34.10IPv6 Addresses: 2001:4860:4802:34::ans1.google.comNameserver IPv4 Addresses: 216.239.32.10IPv6 Addresses: 2001:4860:4802:32::ans3.google.comNameserver IPv4 Addresses: 216.239.36.10IPv6 Addresses: 2001:4860:4802:36::ans4.google.comNameserver IPv4 Addresses: 216.239.38.10IPv6 Addresses: 2001:4860:4802:38::aNote: Glue records are required for these nameservers since they are under your domain. This prevents circular dependencies in DNS resolution. |
ns1.google.com
Google Cloud DNS
IPv4 Addresses
216.239.32.10
IPv6 Addresses
2001:4860:4802:32::a
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
ns2.google.com
Google Cloud DNS
IPv4 Addresses
216.239.34.10
IPv6 Addresses
2001:4860:4802:34::a
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
ns3.google.com
Google Cloud DNS
IPv4 Addresses
216.239.36.10
IPv6 Addresses
2001:4860:4802:36::a
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
ns4.google.com
Google Cloud DNS
IPv4 Addresses
216.239.38.10
IPv6 Addresses
2001:4860:4802:38::a
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
Good. No nameservers allow recursive queries.
Google Cloud DNS uses a globally distributed anycast network. Different A records between parent and nameserver responses may occur due to short-term updates.
Google Cloud DNS manages glue records through their global DNS infrastructure.
Good. The NS records at all your nameservers are identical.
Good. All nameservers listed at the parent server responded.
All NS records appear to be valid hostnames.
You have 4 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability.
Good. All nameservers are answering authoritatively for your domain.
Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6.
Good. All parent-listed nameservers are reported by your nameservers, as required by RFC1034 section 3.6.
Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3.
Anycast provider detected (Google Cloud DNS).While 6 IP pair(s) share a
/16
prefix, Google Cloud DNS distributes these across globally diverse datacenters using anycast routing. No subnet diversity concern per RFC2182 section 5.| Status | Test name | Information |
|---|---|---|
Nameserver Records from Zone | ns1.google.comGoogle Cloud DNS IPv4 Addresses 216.239.32.10 IPv6 Addresses 2001:4860:4802:32::a Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) ns2.google.comGoogle Cloud DNS IPv4 Addresses 216.239.34.10 IPv6 Addresses 2001:4860:4802:34::a Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) ns3.google.comGoogle Cloud DNS IPv4 Addresses 216.239.36.10 IPv6 Addresses 2001:4860:4802:36::a Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) ns4.google.comGoogle Cloud DNS IPv4 Addresses 216.239.38.10 IPv6 Addresses 2001:4860:4802:38::a Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) | |
Open Recursive Queries | Good. No nameservers allow recursive queries. | |
Glue Record Consistency | Google Cloud DNS uses a globally distributed anycast network. Different A records between parent and nameserver responses may occur due to short-term updates. | |
Missing Glue for NS Records | Google Cloud DNS manages glue records through their global DNS infrastructure. | |
Mismatched NS records | Good. The NS records at all your nameservers are identical. | |
DNS servers responded | Good. All nameservers listed at the parent server responded. | |
Name of nameservers are valid | All NS records appear to be valid hostnames. | |
Nameserver Redundancy Check | You have 4 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability. | |
Lame Delegation Check | Good. All nameservers are answering authoritatively for your domain. | |
Parent Missing Nameservers | Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6. | |
Zone Missing Nameservers | Good. All parent-listed nameservers are reported by your nameservers, as required by RFC1034 section 3.6. | |
CNAMEs at Apex Check | Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3. | |
NS IP Subnet Diversity | Anycast provider detected (Google Cloud DNS).While 6 IP pair(s) share a /16 prefix, Google Cloud DNS distributes these across globally diverse datacenters using anycast routing. No subnet diversity concern per RFC2182 section 5. |
Info
Primary Nameserver
ns1.google.com
Hostmaster Email
dns-admin.google.com
Serial Number
895796075
Non-Standard (Unix Timestamp)
A unique version number that changes whenever the zone file is updated
Time Intervals
Refresh900 seconds (15 minutes)
How often secondary nameservers check for updates (20m - 24h)
Retry900 seconds (15 minutes)
How long to wait before retrying a failed zone transfer (2m - 2h)
Expire1800 seconds (30 minutes)
How long secondary servers serve stale zone data (1w - 4w)
TTL60 seconds (1 minutes)
Default time-to-live for resource records (5m - 24h)
SOA Serial numbers per nameserver:
ns1.google.com: 895796075
ns2.google.com: 895796075
ns3.google.com: 895796075
ns4.google.com: 895796075
Good. All nameservers report the same SOA serial number.
Pass
OK. ns1.google.com is correctly listed as one of your nameservers.
Info
Your SOA serial number is: 895796075. Using Google Cloud DNS automatic serial number management.
Info
Using Google Cloud DNS's standard refresh interval of 900 seconds (15 minutes), which is optimized for their infrastructure.
Pass
OK. Your SOA RETRY value is: 900 seconds (15 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2.
Info
Current expire time is 1800 seconds (0 days). Google Cloud DNS uses a short expire time because all nameservers operate as primaries in an anycast network โ there are no traditional secondary servers that need long cache times.
Info
Using Google Cloud DNS's standard minimum TTL of 60 seconds (1 minutes), which is optimized for their infrastructure.
| Status | Test name | Information |
|---|---|---|
SOA record | Primary Nameserverns1.google.com Hostmaster Emaildns-admin.google.com Serial Number 895796075 Non-Standard (Unix Timestamp) A unique version number that changes whenever the zone file is updated Time IntervalsRefresh900 seconds (15 minutes) How often secondary nameservers check for updates (20m - 24h) Retry900 seconds (15 minutes) How long to wait before retrying a failed zone transfer (2m - 2h) Expire1800 seconds (30 minutes) How long secondary servers serve stale zone data (1w - 4w) TTL60 seconds (1 minutes) Default time-to-live for resource records (5m - 24h) | |
SOA Serial Consistency | SOA Serial numbers per nameserver:
ns1.google.com: 895796075
ns2.google.com: 895796075
ns3.google.com: 895796075
ns4.google.com: 895796075
Good. All nameservers report the same SOA serial number. | |
SOA MNAME entry | OK. ns1.google.com is correctly listed as one of your nameservers. | |
SOA Serial | Your SOA serial number is: 895796075. Using Google Cloud DNS automatic serial number management. | |
SOA REFRESH | Using Google Cloud DNS's standard refresh interval of 900 seconds (15 minutes), which is optimized for their infrastructure. | |
SOA RETRY | OK. Your SOA RETRY value is: 900 seconds (15 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2. | |
SOA EXPIRE | Current expire time is 1800 seconds (0 days). Google Cloud DNS uses a short expire time because all nameservers operate as primaries in an anycast network โ there are no traditional secondary servers that need long cache times. | |
SOA MINIMUM TTL | Using Google Cloud DNS's standard minimum TTL of 60 seconds (1 minutes), which is optimized for their infrastructure. |
IPv4 Configuration
Multiple IPv4 addresses configured for redundancy and load balancing
IPv4 Addresses
142.251.167.101142.251.167.113142.251.167.100142.251.167.139142.251.167.138142.251.167.102Configuration Benefits
DNS-based load balancing
Distributes traffic across multiple servers to improve performance and reliability
Failover capability
Automatic fallback to healthy servers if one becomes unavailable
Geographic distribution potential
Ability to serve content from servers closest to users
TTL: 92s
Provides a good balance between propagation speed and DNS loadInfo
Low TTL of 92 seconds provides quick propagation but may increase DNS load.
| Status | Test name | Information |
|---|---|---|
A Record Configuration | IPv4 ConfigurationMultiple IPv4 addresses configured for redundancy and load balancing IPv4 Addresses 142.251.167.101142.251.167.113142.251.167.100142.251.167.139142.251.167.138142.251.167.102Configuration Benefits DNS-based load balancing Distributes traffic across multiple servers to improve performance and reliability Failover capability Automatic fallback to healthy servers if one becomes unavailable Geographic distribution potential Ability to serve content from servers closest to users TTL: 92s Provides a good balance between propagation speed and DNS load | |
A Record TTL | Low TTL of 92 seconds provides quick propagation but may increase DNS load. |
IPv6 Configuration
Multiple IPv6 addresses configured for redundancy and load balancing
IPv6 Addresses
2607:f8b0:4004:c1d::652607:f8b0:4004:c1d::642607:f8b0:4004:c1d::662607:f8b0:4004:c1d::8bTTL: 189s
Provides a good balance between propagation speed and DNS load| Status | Test name | Information |
|---|---|---|
IPv6 Configuration | IPv6 ConfigurationMultiple IPv6 addresses configured for redundancy and load balancing IPv6 Addresses 2607:f8b0:4004:c1d::652607:f8b0:4004:c1d::642607:f8b0:4004:c1d::662607:f8b0:4004:c1d::8bTTL: 189s Provides a good balance between propagation speed and DNS load |
All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery.
Mail Exchange Configuration
| Priority | Mail Server | Actions |
|---|---|---|
10 | smtp.google.com |
All mail server hostnames are properly formatted.
All mail servers use public IP addresses, ensuring global email delivery.
Pass
Mail servers are properly configured without CNAME records.
Pass
Each mail server has unique IP addresses, indicating proper distribution of mail handling.
Reverse DNS Records
All Valid
| PTR Query | Hostname |
|---|---|
26.180.233.64.in-addr.arpa | pe-in-f26.1e100.net |
27.62.253.172.in-addr.arpa | bc-in-f27.1e100.net |
26.62.253.172.in-addr.arpa | bc-in-f26.1e100.net |
26.179.251.142.in-addr.arpa | pd-in-f26.1e100.net |
27.180.233.64.in-addr.arpa | on-in-f27.1e100.net |
Proper reverse DNS records are essential for email deliverability. Mail servers often check if sending IPs have matching PTR records.
| Status | Test name | Information | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Mail Server Consistency | All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery. | |||||||||||||
Mail Server Configuration | Mail Exchange Configuration
| |||||||||||||
Mail Server Hostname Validation | All mail server hostnames are properly formatted. | |||||||||||||
Public IP Validation | All mail servers use public IP addresses, ensuring global email delivery. | |||||||||||||
CNAME Validation | Mail servers are properly configured without CNAME records. | |||||||||||||
IP Uniqueness | Each mail server has unique IP addresses, indicating proper distribution of mail handling. | |||||||||||||
Reverse DNS Records | Reverse DNS RecordsAll Valid
Proper reverse DNS records are essential for email deliverability. Mail servers often check if sending IPs have matching PTR records. |
WWW record type: A & AAAA
www.
A & AAAA Record
IPv4 Addresses
142.251.156.119142.251.152.119142.251.153.119142.251.150.119142.251.151.119142.251.157.119142.251.154.119142.251.155.119IPv6 Addresses
2001:4860:4826:7700::2001:4860:4828:7700::2001:4860:4827:7700::2001:4860:482c:7700::2001:4860:482b:7700::2001:4860:482d:7700::2001:4860:482a:7700::2001:4860:4829:7700::Recommendation
Consider using a CNAME record for better flexibility
Multiple records of the same type found:
โข IPv4: 8 A records
โข IPv6: 8 AAAA records
This can provide redundancy if the IPs are on different servers, but doesn't automatically mean load balancing is in use.
| Status | Test name | Information |
|---|---|---|
WWW Configuration | WWW record type: A & AAAA www. A & AAAA Record IPv4 Addresses 142.251.156.119142.251.152.119142.251.153.119142.251.150.119142.251.151.119142.251.157.119142.251.154.119142.251.155.119IPv6 Addresses 2001:4860:4826:7700::2001:4860:4828:7700::2001:4860:4827:7700::2001:4860:482c:7700::2001:4860:482b:7700::2001:4860:482d:7700::2001:4860:482a:7700::2001:4860:4829:7700::Recommendation Consider using a CNAME record for better flexibility | |
Multiple WWW Records | Multiple records of the same type found:
โข IPv4: 8 A records
โข IPv6: 8 AAAA records
This can provide redundancy if the IPs are on different servers, but doesn't automatically mean load balancing is in use. |
Info
This domain uses Google Cloud DNS. DNSSEC queries returned SERVFAIL, which may be due to resolver compatibility rather than a configuration issue. Google Cloud DNS manages DNSSEC through their infrastructure โ check their dashboard for DNSSEC status.
Info
Your domain uses Google Cloud DNS nameservers. Google Cloud DNS manages zone transfers securely through their infrastructure. AXFR behavior is part of their managed DNS service.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr
Pass
Found CAA records:
โโ issue: pki.goog
These records control which Certificate Authorities can issue certificates for your domain.
Checked 8 common subdomains. Found 2 CNAME records โ all targets resolve correctly. No dangling CNAME risk detected.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover
| Status | Test name | Information |
|---|---|---|
DNSSEC | This domain uses Google Cloud DNS. DNSSEC queries returned SERVFAIL, which may be due to resolver compatibility rather than a configuration issue. Google Cloud DNS manages DNSSEC through their infrastructure โ check their dashboard for DNSSEC status. | |
Zone Transfer | Your domain uses Google Cloud DNS nameservers. Google Cloud DNS manages zone transfers securely through their infrastructure. AXFR behavior is part of their managed DNS service.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr | |
CAA Records | Found CAA records:
โโ issue: pki.goog
These records control which Certificate Authorities can issue certificates for your domain. | |
Subdomain Takeover | Checked 8 common subdomains. Found 2 CNAME records โ all targets resolve correctly. No dangling CNAME risk detected.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover |
Info
Click any row to copy the raw value
docusign | 05958488-4752-4ef2-95eb-aa7ba8a3bd0e |
google-site-verification | 4ibFUgB-wXLQ_S7vsXVomSTVamuOXBiVAzpR5IZ87D0 |
MS | E4A68B9AB2BB9670BCE15412F62916164C0B20BB |
Showing 3 of 13 records (limited view)
Pass
Found SPF record: v=spf1 include:_spf.google.com ~all
Pass
Found DMARC record: v=DMARC1; p=reject; rua=mailto:[email protected]
Click any row to copy the raw value
google-site-verification | 4ibFUgB-wXLQ_S7vsXVomSTVamuOXBiVAzpR5IZ87D0 |
MS | E4A68B9AB2BB9670BCE15412F62916164C0B20BB |
google-site-verification | TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ |
Showing 3 of 6 records (limited view)
| Status | Test name | Information | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
TXT Records | Click any row to copy the raw value
Showing 3 of 13 records (limited view) | |||||||||
SPF Record | Found SPF record: v=spf1 include:_spf.google.com ~all | |||||||||
DMARC Record | Found DMARC record: v=DMARC1; p=reject; rua=mailto:[email protected] | |||||||||
Domain Verification | Click any row to copy the raw value
Showing 3 of 6 records (limited view) |