DNS Records for
mvfruit.com
๐ Hunting for rogue glue records.
DNS Records formvfruit.com
Domain DNS Health Score
75%
Total Tests
40
Passed
30
Critical Issues
3
First-Visit DNS
~35ms
Excellent
Returning Visit
~0ms
Fully cached
CNAME Depth
None
Optimal
TTL Strategy
Balanced
TTL values are well-balanced across record types
DNS Provider
DNS Provider
Avg NS Response
16ms
Fast
These nameservers are responsible for answering queries about your domain
2 Records
ns1.giowm1023.siteground.biz
ns2.giowm1023.siteground.biz
Source: This information was kindly provided by j.gtld-servers.net ๐๐ผ
Good. j.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated.
Warning
Warning: Mismatch between parent nameservers and actual NS records.
Parent-only nameservers (listed at parent but not in NS records):
โข ns1.giowm1023.siteground.biz
โข ns2.giowm1023.siteground.biz
NS-only nameservers (in NS records but not listed at parent):
โข ns2.siteground.net
โข ns1.siteground.net
This inconsistency can cause DNS resolution issues and should be resolved by updating either the parent nameservers or the NS records.
Glue Records from Parent Server
Information provided by j.gtld-servers.net
ns1.giowm1023.siteground.biz
Nameserver
IPv4 Addresses:
75.2.77.104ns2.giowm1023.siteground.biz
Nameserver
IPv4 Addresses:
99.83.229.113Note:
The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution.
| Status | Test name | Information |
|---|---|---|
Authoritative Nameservers | These nameservers are responsible for answering queries about your domain 2 Records ns1.giowm1023.siteground.bizns2.giowm1023.siteground.bizSource: This information was kindly provided by j.gtld-servers.net ๐๐ผ | |
TLD Delegation Check | Good. j.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated. | |
Nameservers Listed at Parent | Warning: Mismatch between parent nameservers and actual NS records.
Parent-only nameservers (listed at parent but not in NS records):
โข ns1.giowm1023.siteground.biz
โข ns2.giowm1023.siteground.biz
NS-only nameservers (in NS records but not listed at parent):
โข ns2.siteground.net
โข ns1.siteground.net
This inconsistency can cause DNS resolution issues and should be resolved by updating either the parent nameservers or the NS records. | |
Glue Records from Parent | Glue Records from Parent ServerInformation provided by j.gtld-servers.net ns1.giowm1023.siteground.bizNameserver IPv4 Addresses: 75.2.77.104ns2.giowm1023.siteground.bizNameserver IPv4 Addresses: 99.83.229.113Note: The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution. |
ns2.siteground.net
IPv4 Addresses
99.83.229.113
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
ns1.siteground.net
IPv4 Addresses
75.2.77.104
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
Good. No nameservers allow recursive queries.
Warning
Warning: Mismatched IPv4 records between parent and nameserver responses. This can cause inconsistent DNS resolution.
Mismatches found:
โข ns2.siteground.net:
IPv4: Parent has [], Nameserver has [99.83.229.113]
โข ns1.siteground.net:
IPv4: Parent has [], Nameserver has [75.2.77.104]
Note: Your nameservers are not under your domain, so additional glue records are not required.
Good. The NS records at all your nameservers are identical.
Good. All nameservers listed at the parent server responded.
All NS records appear to be valid hostnames.
You have 2 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability.
Good. All nameservers are answering authoritatively for your domain.
Error: The following nameservers are missing from parent zone:
ns2.siteground.net
ns1.siteground.net
This inconsistency can cause DNS resolution problems. See RFC1034 section 3.6 for proper delegation requirements.
Error: The following nameservers from parent are missing in your zone:
ns1.giowm1023.siteground.biz
ns2.giowm1023.siteground.biz
This means some nameservers registered at the parent are not configured in your zone. See RFC1034 section 3.6 for proper delegation requirements.
Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3.
Good. Your nameservers are on different subnets, providing better redundancy as recommended by RFC2182 section 5.
Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035.
Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035.
Good. All DNS servers allow UDP connections, which is required for standard DNS queries.
Good. Your nameservers appear to be on different networks, providing better redundancy.
Warning
Warning: Found stealth nameservers:
Nameservers in zone but missing from parent:
โข ns2.siteground.net
โข ns1.siteground.net
Nameservers in parent but missing from zone:
โข ns1.giowm1023.siteground.biz
โข ns2.giowm1023.siteground.biz
Stealth nameservers can cause inconsistent DNS resolution and should be either properly registered at both parent and zone, or removed.
| Status | Test name | Information |
|---|---|---|
Nameserver Records from Zone | ns2.siteground.netIPv4 Addresses 99.83.229.113 Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) ns1.siteground.netIPv4 Addresses 75.2.77.104 Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) | |
Open Recursive Queries | Good. No nameservers allow recursive queries. | |
Glue Record Consistency | Warning: Mismatched IPv4 records between parent and nameserver responses. This can cause inconsistent DNS resolution.
Mismatches found:
โข ns2.siteground.net:
IPv4: Parent has [], Nameserver has [99.83.229.113]
โข ns1.siteground.net:
IPv4: Parent has [], Nameserver has [75.2.77.104] | |
Missing Glue for NS Records | Note: Your nameservers are not under your domain, so additional glue records are not required. | |
Mismatched NS records | Good. The NS records at all your nameservers are identical. | |
DNS servers responded | Good. All nameservers listed at the parent server responded. | |
Name of nameservers are valid | All NS records appear to be valid hostnames. | |
Nameserver Redundancy Check | You have 2 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability. | |
Lame Delegation Check | Good. All nameservers are answering authoritatively for your domain. | |
Parent Missing Nameservers | Error: The following nameservers are missing from parent zone:
ns2.siteground.net
ns1.siteground.net
This inconsistency can cause DNS resolution problems. See RFC1034 section 3.6 for proper delegation requirements. | |
Zone Missing Nameservers | Error: The following nameservers from parent are missing in your zone:
ns1.giowm1023.siteground.biz
ns2.giowm1023.siteground.biz
This means some nameservers registered at the parent are not configured in your zone. See RFC1034 section 3.6 for proper delegation requirements. | |
CNAMEs at Apex Check | Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3. | |
NS IP Subnet Diversity | Good. Your nameservers are on different subnets, providing better redundancy as recommended by RFC2182 section 5. | |
NS IP Public Accessibility | Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035. | |
DNS servers allow TCP connection | Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035. | |
DNS servers allow UDP connection | Good. All DNS servers allow UDP connections, which is required for standard DNS queries. | |
NS AS Diversity Check | Good. Your nameservers appear to be on different networks, providing better redundancy. | |
Stealth Nameserver Check | Warning: Found stealth nameservers:
Nameservers in zone but missing from parent:
โข ns2.siteground.net
โข ns1.siteground.net
Nameservers in parent but missing from zone:
โข ns1.giowm1023.siteground.biz
โข ns2.giowm1023.siteground.biz
Stealth nameservers can cause inconsistent DNS resolution and should be either properly registered at both parent and zone, or removed. |
Info
Primary Nameserver
ns1.siteground.net
Hostmaster Email
root.giowm1023.siteground.biz
Serial Number
100295
Non-Standard Format
A unique version number that changes whenever the zone file is updated
Time Intervals
Refresh86400 seconds (1 days)
How often secondary nameservers check for updates (20m - 24h)
Retry7200 seconds (2 hours)
How long to wait before retrying a failed zone transfer (2m - 2h)
Expire3600000 seconds (41 days)
How long secondary servers serve stale zone data (1w - 4w)
TTL86400 seconds (1 days)
Default time-to-live for resource records (5m - 24h)
SOA Serial numbers per nameserver:
ns2.siteground.net: 100295
ns1.siteground.net: 100295
Good. All nameservers report the same SOA serial number.
Pass
OK. ns1.siteground.net is correctly listed as one of your nameservers.
Info
Your SOA serial number is: 100295.
Warning
Warning: SOA REFRESH interval is 86400 seconds (1440 minutes). This is above the recommended maximum of 43200 seconds as per RFC1912 section 2.2.
Pass
OK. Your SOA RETRY value is: 7200 seconds (120 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2.
Warning
Current expire time is 3600000 seconds (41 days).
Warning: Common practice recommends a maximum of 28 days (2419200 seconds) to avoid stale data being served for too long.
Pass
OK. Your SOA MINIMUM TTL is: 86400 seconds (1440 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4.
| Status | Test name | Information |
|---|---|---|
SOA record | Primary Nameserverns1.siteground.net Hostmaster Emailroot.giowm1023.siteground.biz Serial Number 100295 Non-Standard Format A unique version number that changes whenever the zone file is updated Time IntervalsRefresh86400 seconds (1 days) How often secondary nameservers check for updates (20m - 24h) Retry7200 seconds (2 hours) How long to wait before retrying a failed zone transfer (2m - 2h) Expire3600000 seconds (41 days) How long secondary servers serve stale zone data (1w - 4w) TTL86400 seconds (1 days) Default time-to-live for resource records (5m - 24h) | |
SOA Serial Consistency | SOA Serial numbers per nameserver:
ns2.siteground.net: 100295
ns1.siteground.net: 100295
Good. All nameservers report the same SOA serial number. | |
SOA MNAME entry | OK. ns1.siteground.net is correctly listed as one of your nameservers. | |
SOA Serial | Your SOA serial number is: 100295. | |
SOA REFRESH | Warning: SOA REFRESH interval is 86400 seconds (1440 minutes). This is above the recommended maximum of 43200 seconds as per RFC1912 section 2.2. | |
SOA RETRY | OK. Your SOA RETRY value is: 7200 seconds (120 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2. | |
SOA EXPIRE | Current expire time is 3600000 seconds (41 days).
Warning: Common practice recommends a maximum of 28 days (2419200 seconds) to avoid stale data being served for too long. | |
SOA MINIMUM TTL | OK. Your SOA MINIMUM TTL is: 86400 seconds (1440 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4. |
IPv4 Configuration
Your domain is using Google Cloud's infrastructure for content delivery and security
IPv4 Addresses
35.212.6.98Configuration Benefits
Global content delivery
Content served from edge locations worldwide
DDoS protection
Built-in protection against distributed denial-of-service attacks
Load balancing
Intelligent traffic distribution across global network
Automatic failover
Seamless switching to healthy servers during outages
TTL: 32128s
Provides a good balance between propagation speed and DNS loadPass
TTL of 32128 seconds provides a good balance between propagation speed and DNS load.
| Status | Test name | Information |
|---|---|---|
A Record Configuration | IPv4 ConfigurationYour domain is using Google Cloud's infrastructure for content delivery and security IPv4 Addresses 35.212.6.98Configuration Benefits Global content delivery Content served from edge locations worldwide DDoS protection Built-in protection against distributed denial-of-service attacks Load balancing Intelligent traffic distribution across global network Automatic failover Seamless switching to healthy servers during outages TTL: 32128s Provides a good balance between propagation speed and DNS load | |
A Record TTL | TTL of 32128 seconds provides a good balance between propagation speed and DNS load. |
Info
No AAAA (IPv6) records found. While not required, IPv6 support is recommended for future-proofing your domain and improving accessibility for IPv6 users.
| Status | Test name | Information |
|---|---|---|
IPv6 Support | No AAAA (IPv6) records found. While not required, IPv6 support is recommended for future-proofing your domain and improving accessibility for IPv6 users. |
All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery.
Mail Exchange Configuration
| Priority | Mail Server | Actions |
|---|---|---|
0 | mvfruit-com.mail.protection.outlook.com |
All mail server hostnames are properly formatted.
All mail servers use public IP addresses, ensuring global email delivery.
Pass
Mail servers are properly configured without CNAME records.
Pass
Each mail server has unique IP addresses, indicating proper distribution of mail handling.
Using managed mail services: Microsoft 365. PTR records are automatically managed by these providers.
| Status | Test name | Information | ||||||
|---|---|---|---|---|---|---|---|---|
Mail Server Consistency | All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery. | |||||||
Mail Server Configuration | Mail Exchange Configuration
| |||||||
Mail Server Hostname Validation | All mail server hostnames are properly formatted. | |||||||
Public IP Validation | All mail servers use public IP addresses, ensuring global email delivery. | |||||||
CNAME Validation | Mail servers are properly configured without CNAME records. | |||||||
IP Uniqueness | Each mail server has unique IP addresses, indicating proper distribution of mail handling. | |||||||
Reverse DNS Records | Using managed mail services: Microsoft 365. PTR records are automatically managed by these providers. |
WWW record type: A
www.
A Record
IPv4 Addresses
Matches Apex
35.212.6.98| Status | Test name | Information |
|---|---|---|
WWW Configuration | WWW record type: A www. A Record IPv4 Addresses Matches Apex 35.212.6.98 |
Error
DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider.
Pass
Nameserver provider SiteGround is known to block zone transfers (AXFR). No test needed.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr
Pass
Good. Tested notrealdnschkr.mvfruit.com - No wildcard DNS records found, ensuring random subdomains won't resolve to an IP address.
Good. Tested notrealdnschkr.mvfruit.com - Server returns NXDOMAIN for non-existent domains. While an SOA record is recommended, NXDOMAIN alone is a valid response.
Info
No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain.
Checked 8 common subdomains โ none have external CNAME records. No subdomain takeover risk from dangling CNAMEs.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover
| Status | Test name | Information |
|---|---|---|
DNSSEC | DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider. | |
Zone Transfer | Nameserver provider SiteGround is known to block zone transfers (AXFR). No test needed.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr | |
Wildcard DNS | Good. Tested notrealdnschkr.mvfruit.com - No wildcard DNS records found, ensuring random subdomains won't resolve to an IP address. | |
NXDOMAIN Response | Good. Tested notrealdnschkr.mvfruit.com - Server returns NXDOMAIN for non-existent domains. While an SOA record is recommended, NXDOMAIN alone is a valid response. | |
CAA Records | No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain. | |
Subdomain Takeover | Checked 8 common subdomains โ none have external CNAME records. No subdomain takeover risk from dangling CNAMEs.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover |
Info
Click any row to copy the raw value
v | spf1 include:spf.protection.outlook.com include:_spf.mvfruit_com._d.easydmarc.pro ~all |
Showing 1 of 1 record
Pass
Found SPF record: v=spf1 include:spf.protection.outlook.com include:_spf.mvfruit_com._d.easydmarc.pro ~all
Warning
No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security.
| Status | Test name | Information | ||||
|---|---|---|---|---|---|---|
TXT Records | Click any row to copy the raw value
Showing 1 of 1 record | |||||
SPF Record | Found SPF record: v=spf1 include:spf.protection.outlook.com include:_spf.mvfruit_com._d.easydmarc.pro ~all | |||||
DMARC Record | No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security. |