DNS Records for
gov.hu
๐ Hunting for rogue glue records.
DNS Records forgov.hu
Domain DNS Health Score
69%
Total Tests
36
Passed
25
Critical Issues
4
DNS Performance Analysis
Performance analysis data is not available for this domain. This can happen when the analysis times out or when nameservers are unreachable.
These nameservers are responsible for answering queries about your domain
3 Records
adns0.gov.hu
adns1.gov.hu
adns2.gov.hu
Source: This information was kindly provided by b.hu ๐๐ผ
Good. b.hu has information for your TLD. This confirms your domain is properly delegated.
Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution.
Glue Records from Parent Server
Information provided by b.hu
adns0.gov.hu
Nameserver
IPv4 Addresses:
84.206.109.2adns1.gov.hu
Nameserver
IPv4 Addresses:
84.206.110.2adns2.gov.hu
Nameserver
IPv4 Addresses:
4.231.229.181Note:
Glue records are required for these nameservers since they are under your domain. This prevents circular dependencies in DNS resolution.
| Status | Test name | Information |
|---|---|---|
Authoritative Nameservers | These nameservers are responsible for answering queries about your domain 3 Records adns0.gov.huadns1.gov.huadns2.gov.huSource: This information was kindly provided by b.hu ๐๐ผ | |
TLD Delegation Check | Good. b.hu has information for your TLD. This confirms your domain is properly delegated. | |
Nameservers Listed at Parent | Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution. | |
Glue Records from Parent | Glue Records from Parent ServerInformation provided by b.hu adns0.gov.huNameserver IPv4 Addresses: 84.206.109.2adns1.gov.huNameserver IPv4 Addresses: 84.206.110.2adns2.gov.huNameserver IPv4 Addresses: 4.231.229.181Note: Glue records are required for these nameservers since they are under your domain. This prevents circular dependencies in DNS resolution. |
The following nameservers are not responding to DNS queries:
โข adns1.gov.hu
โข adns0.gov.hu
This is a critical issue โ these nameservers are configured for your domain but are not reachable. DNS resolution will fail when queries are directed to these servers. This can cause intermittent failures, slow resolution, and degraded availability for your domain.
Possible causes:
โข The nameserver host is down or misconfigured
โข A firewall is blocking DNS traffic (port 53)
โข The nameserver software is not running
โข The nameserver is not configured to serve this domain
Recommendation: Contact your DNS provider or update your nameserver records to point to working servers.
adns2.gov.hu
IPv4 Addresses
4.231.229.181
Authoritative
Non-Recursive
TCP
UDP
TTL: 3,600s (0 days)
Good. No nameservers allow recursive queries.
The GLUE records from the parent zone match those from your nameservers. This is important for consistent DNS resolution.
Note: Your nameservers are not under your domain, so additional glue records are not required.
Good. The NS records at all your nameservers are identical.
Good. All nameservers listed at the parent server responded.
All NS records appear to be valid hostnames.
You have 1 nameserver. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability.
Good. All nameservers are answering authoritatively for your domain.
Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6.
Error: The following nameservers from parent are missing in your zone:
adns0.gov.hu
adns1.gov.hu
This means some nameservers registered at the parent are not configured in your zone. See RFC1034 section 3.6 for proper delegation requirements.
Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3.
Good. Your nameservers are on different subnets, providing better redundancy as recommended by RFC2182 section 5.
Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035.
Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035.
Good. All DNS servers allow UDP connections, which is required for standard DNS queries.
Good. Your nameservers appear to be on different networks, providing better redundancy.
Warning
Warning: Found stealth nameservers:
Nameservers in parent but missing from zone:
โข adns0.gov.hu
โข adns1.gov.hu
Stealth nameservers can cause inconsistent DNS resolution and should be either properly registered at both parent and zone, or removed.
| Status | Test name | Information |
|---|---|---|
Nameserver Reachability | The following nameservers are not responding to DNS queries:
โข adns1.gov.hu
โข adns0.gov.hu
This is a critical issue โ these nameservers are configured for your domain but are not reachable. DNS resolution will fail when queries are directed to these servers. This can cause intermittent failures, slow resolution, and degraded availability for your domain.
Possible causes:
โข The nameserver host is down or misconfigured
โข A firewall is blocking DNS traffic (port 53)
โข The nameserver software is not running
โข The nameserver is not configured to serve this domain
Recommendation: Contact your DNS provider or update your nameserver records to point to working servers. | |
Nameserver Records from Zone | adns2.gov.huIPv4 Addresses 4.231.229.181 Authoritative Non-Recursive TCP UDP TTL: 3,600s (0 days) | |
Open Recursive Queries | Good. No nameservers allow recursive queries. | |
Glue Record Consistency | The GLUE records from the parent zone match those from your nameservers. This is important for consistent DNS resolution. | |
Missing Glue for NS Records | Note: Your nameservers are not under your domain, so additional glue records are not required. | |
Mismatched NS records | Good. The NS records at all your nameservers are identical. | |
DNS servers responded | Good. All nameservers listed at the parent server responded. | |
Name of nameservers are valid | All NS records appear to be valid hostnames. | |
Nameserver Redundancy Check | You have 1 nameserver. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability. | |
Lame Delegation Check | Good. All nameservers are answering authoritatively for your domain. | |
Parent Missing Nameservers | Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6. | |
Zone Missing Nameservers | Error: The following nameservers from parent are missing in your zone:
adns0.gov.hu
adns1.gov.hu
This means some nameservers registered at the parent are not configured in your zone. See RFC1034 section 3.6 for proper delegation requirements. | |
CNAMEs at Apex Check | Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3. | |
NS IP Subnet Diversity | Good. Your nameservers are on different subnets, providing better redundancy as recommended by RFC2182 section 5. | |
NS IP Public Accessibility | Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035. | |
DNS servers allow TCP connection | Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035. | |
DNS servers allow UDP connection | Good. All DNS servers allow UDP connections, which is required for standard DNS queries. | |
NS AS Diversity Check | Good. Your nameservers appear to be on different networks, providing better redundancy. | |
Stealth Nameserver Check | Warning: Found stealth nameservers:
Nameservers in parent but missing from zone:
โข adns0.gov.hu
โข adns1.gov.hu
Stealth nameservers can cause inconsistent DNS resolution and should be either properly registered at both parent and zone, or removed. |
Info
Primary Nameserver
adns0.gov.hu
Hostmaster Email
hostmaster.nisz.hu
Serial Number
2026040219
Recently Updated (Standard Format)
A unique version number that changes whenever the zone file is updated
Time Intervals
Refresh43200 seconds (12 hours)
How often secondary nameservers check for updates (20m - 24h)
Retry3600 seconds (1 hours)
How long to wait before retrying a failed zone transfer (2m - 2h)
Expire604800 seconds (7 days)
How long secondary servers serve stale zone data (1w - 4w)
TTL3600 seconds (1 hours)
Default time-to-live for resource records (5m - 24h)
SOA Serial numbers per nameserver:
adns2.gov.hu: 2026040219
Good. All nameservers report the same SOA serial number.
Warning
Warning: Primary nameserver adns0.gov.hu is not listed in your NS records. MNAME doesn't match a member of the NS RRSET. This is OK but may be problematic with zones using Dynamic Updates.
Info
Your SOA serial number is: 2026040219.
Pass
OK. Your SOA REFRESH interval is: 43200 seconds (720 minutes). This is within the recommended range of 1200-43200 seconds as per RFC1912 section 2.2.
Pass
OK. Your SOA RETRY value is: 3600 seconds (60 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2.
Warning
Current expire time is 604800 seconds (7 days).
Warning: Common practice recommends a minimum of 14 days (1209600 seconds) to ensure secondary servers can continue serving during extended outages.
Pass
OK. Your SOA MINIMUM TTL is: 3600 seconds (60 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4.
| Status | Test name | Information |
|---|---|---|
SOA record | Primary Nameserveradns0.gov.hu Hostmaster Emailhostmaster.nisz.hu Serial Number 2026040219 Recently Updated (Standard Format) A unique version number that changes whenever the zone file is updated Time IntervalsRefresh43200 seconds (12 hours) How often secondary nameservers check for updates (20m - 24h) Retry3600 seconds (1 hours) How long to wait before retrying a failed zone transfer (2m - 2h) Expire604800 seconds (7 days) How long secondary servers serve stale zone data (1w - 4w) TTL3600 seconds (1 hours) Default time-to-live for resource records (5m - 24h) | |
SOA Serial Consistency | SOA Serial numbers per nameserver:
adns2.gov.hu: 2026040219
Good. All nameservers report the same SOA serial number. | |
SOA MNAME entry | Warning: Primary nameserver adns0.gov.hu is not listed in your NS records. MNAME doesn't match a member of the NS RRSET. This is OK but may be problematic with zones using Dynamic Updates. | |
SOA Serial | Your SOA serial number is: 2026040219. | |
SOA REFRESH | OK. Your SOA REFRESH interval is: 43200 seconds (720 minutes). This is within the recommended range of 1200-43200 seconds as per RFC1912 section 2.2. | |
SOA RETRY | OK. Your SOA RETRY value is: 3600 seconds (60 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2. | |
SOA EXPIRE | Current expire time is 604800 seconds (7 days).
Warning: Common practice recommends a minimum of 14 days (1209600 seconds) to ensure secondary servers can continue serving during extended outages. | |
SOA MINIMUM TTL | OK. Your SOA MINIMUM TTL is: 3600 seconds (60 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4. |
Info
No AAAA (IPv6) records found. While not required, IPv6 support is recommended for future-proofing your domain and improving accessibility for IPv6 users.
| Status | Test name | Information |
|---|---|---|
IPv6 Support | No AAAA (IPv6) records found. While not required, IPv6 support is recommended for future-proofing your domain and improving accessibility for IPv6 users. |
No MX records found. Email delivery will fall back to the domain's A record.
| Status | Test name | Information |
|---|---|---|
Mail Server Configuration | No MX records found. Email delivery will fall back to the domain's A record. |
WWW record type: CNAME
www.
CNAME Record
kormanyportal.hu
Resolves To
IPv4 Resolution
84.206.104.73| Status | Test name | Information |
|---|---|---|
WWW Configuration | WWW record type: CNAME www. CNAME Record kormanyportal.hu Resolves To IPv4 Resolution 84.206.104.73 |
Error
DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider.
Pass
Zone transfer (AXFR) is properly restricted. Tested 1 nameserver โ all refused the transfer request.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr
Pass
Good. Tested notrealdnschkr.gov.hu - No wildcard DNS records found, ensuring random subdomains won't resolve to an IP address.
Good. Tested notrealdnschkr.gov.hu - Server returns NXDOMAIN for non-existent domains. While an SOA record is recommended, NXDOMAIN alone is a valid response.
Info
No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain.
Checked 8 common subdomains โ none have external CNAME records. No subdomain takeover risk from dangling CNAMEs.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover
| Status | Test name | Information |
|---|---|---|
DNSSEC | DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider. | |
Zone Transfer | Zone transfer (AXFR) is properly restricted. Tested 1 nameserver โ all refused the transfer request.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr | |
Wildcard DNS | Good. Tested notrealdnschkr.gov.hu - No wildcard DNS records found, ensuring random subdomains won't resolve to an IP address. | |
NXDOMAIN Response | Good. Tested notrealdnschkr.gov.hu - Server returns NXDOMAIN for non-existent domains. While an SOA record is recommended, NXDOMAIN alone is a valid response. | |
CAA Records | No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain. | |
Subdomain Takeover | Checked 8 common subdomains โ none have external CNAME records. No subdomain takeover risk from dangling CNAMEs.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover |
Info
Click any row to copy the raw value
microsec-verification | 156uc3e4-09b2-4eaf-97ba-8652f9634425-2023.06.08. |
Showing 1 of 1 record
Warning
No SPF record found. SPF helps prevent email spoofing by specifying which servers are authorized to send email for your domain.
Warning
No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security.
| Status | Test name | Information | ||||
|---|---|---|---|---|---|---|
TXT Records | Click any row to copy the raw value
Showing 1 of 1 record | |||||
SPF Record | No SPF record found. SPF helps prevent email spoofing by specifying which servers are authorized to send email for your domain. | |||||
DMARC Record | No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security. |