DNS Records for
teamlindberg.com
๐ Hunting for rogue glue records.
DNS Records forteamlindberg.com
Domain DNS Health Score
80%
Total Tests
40
Passed
32
Critical Issues
1
First-Visit DNS
~35ms
Excellent
Returning Visit
~15ms
Partial re-query
CNAME Depth
None
Direct A record
TTL Strategy
Needs Attention
1 record type has suboptimal TTL values
DNS Provider
Namecheap
Registrar DNS
Avg NS Response
67ms
Normal
Insights
A1
AAAA0
NS5
MX2
TXT1
SPFok
DMARCwarn
DNSSECfail
CAAinfo
86%
43/50 tests
TTL cache lifetime
1m
5m
30m
1h
4h
1d
2d
7d
A
Good for CDN or dynamic setups (3 min). Balances freshness with caching.3 min
NS
Low NS TTL (30 min). NS records rarely change โ consider 86400s (1 day) or higher.30 min
MX
29 min โ appropriate for mail server records.30 min
SOA
1.0 hr
TXT
29 min โ appropriate for TXT records.30 min
Resolution waterfall
First visit ~35msReturning ~15ms
Root โ TLD nameserver
5ms
TLD โ Authoritative NS
20ms
NS โ A record (apex)
15ms
Benchmark: excellent
Per-nameserver response time
avg 67msspread 96ms
freedns1.registrar-servers.com
8ms
freedns3.registrar-servers.com
80ms
freedns4.registrar-servers.com
104ms
freedns5.registrar-servers.com
88ms
freedns2.registrar-servers.com
56ms
Provider Namecheap
www resolution
www.teamlindberg.comDirect A record โ no CNAME chain
145.40.17.108SOA timing
Serial
1673189858Refresh
12 hr
How often secondaries re-check
Retry
1 hr
Wait after a failed refresh
Expire
7 days
Secondaries stop serving after
Min TTL
1.0 hr
Negative cache duration
Zone last updated
Serial format isn't YYYYMMDDnn โ age can't be inferred.
Negative cache
NXDOMAIN responses are cached for 1.0 hr. Typos against this zone stick around that long.
Glue records at parent
via f.gtld-servers.net
| Nameserver | IPv4 | IPv6 | Zone match |
|---|---|---|---|
| freedns3.registrar-servers.com | 195.154.94.174 | 2001:bc8:6006:4000:8218:44ff:feef:d720 | match |
| freedns1.registrar-servers.com | 45.58.122.83 | 2605:9880:300:1400:101:1650:5e2:54 | match |
| freedns2.registrar-servers.com | 199.119.202.75 | 2604:6600:0:1b::2 | match |
| freedns4.registrar-servers.com | 95.141.37.127 | 2a02:29e0:1:103:103::1 | match |
| freedns5.registrar-servers.com | 54.36.109.15 | 2001:41d0:700:120f::1 | match |
Mail exchange priority
2 MX records
pref 10
mx1.simplelogin.co
Primary
pref 20
mx2.simplelogin.co
SPF mechanism chain
v=spf1
include:outbound.mailhop.orgDelegate check to another SPF
~allsoftfail
These nameservers are responsible for answering queries about your domain
5 Records
freedns3.registrar-servers.com
freedns1.registrar-servers.com
freedns2.registrar-servers.com
freedns4.registrar-servers.com
freedns5.registrar-servers.com
Namecheap
Your domain uses Namecheap's DNS servers, offering free DNS hosting with DDoS protection and global redundancy.
Source: This information was kindly provided by f.gtld-servers.net ๐๐ผ
Good. f.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated.
Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution.
Glue Records from Parent Server
Information provided by f.gtld-servers.net
freedns3.registrar-servers.com
Nameserver
IPv4 Addresses:
195.154.94.174IPv6 Addresses:
2001:bc8:6006:4000:8218:44ff:feef:d720freedns1.registrar-servers.com
Nameserver
IPv4 Addresses:
45.58.122.83IPv6 Addresses:
2605:9880:300:1400:101:1650:5e2:54freedns2.registrar-servers.com
Nameserver
IPv4 Addresses:
199.119.202.75IPv6 Addresses:
2604:6600:0:1b::2freedns4.registrar-servers.com
Nameserver
IPv4 Addresses:
95.141.37.127IPv6 Addresses:
2a02:29e0:1:103:103::1freedns5.registrar-servers.com
Nameserver
IPv4 Addresses:
54.36.109.15IPv6 Addresses:
2001:41d0:700:120f::1Note:
The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution.
| Status | Test name | Information |
|---|---|---|
Authoritative Nameservers | These nameservers are responsible for answering queries about your domain 5 Records freedns3.registrar-servers.comfreedns1.registrar-servers.comfreedns2.registrar-servers.comfreedns4.registrar-servers.comfreedns5.registrar-servers.comNamecheapYour domain uses Namecheap's DNS servers, offering free DNS hosting with DDoS protection and global redundancy. Source: This information was kindly provided by f.gtld-servers.net ๐๐ผ | |
TLD Delegation Check | Good. f.gtld-servers.net has information for your TLD. This confirms your domain is properly delegated. | |
Nameservers Listed at Parent | Good. The parent server has your nameservers listed and they match the actual NS records. This ensures consistent DNS resolution. | |
Glue Records from Parent | Glue Records from Parent ServerInformation provided by f.gtld-servers.net freedns3.registrar-servers.comNameserver IPv4 Addresses: 195.154.94.174IPv6 Addresses: 2001:bc8:6006:4000:8218:44ff:feef:d720freedns1.registrar-servers.comNameserver IPv4 Addresses: 45.58.122.83IPv6 Addresses: 2605:9880:300:1400:101:1650:5e2:54freedns2.registrar-servers.comNameserver IPv4 Addresses: 199.119.202.75IPv6 Addresses: 2604:6600:0:1b::2freedns4.registrar-servers.comNameserver IPv4 Addresses: 95.141.37.127IPv6 Addresses: 2a02:29e0:1:103:103::1freedns5.registrar-servers.comNameserver IPv4 Addresses: 54.36.109.15IPv6 Addresses: 2001:41d0:700:120f::1Note: The parent server is providing glue records for these nameservers. While not required (since the nameservers are not under your domain), this helps optimize DNS resolution. |
freedns1.registrar-servers.com
Namecheap
IPv4 Addresses
45.58.122.83
IPv6 Addresses
2605:9880:300:1400:101:1650:5e2:54
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
freedns3.registrar-servers.com
Namecheap
IPv4 Addresses
195.154.94.174
IPv6 Addresses
2001:bc8:6006:4000:8218:44ff:feef:d720
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
freedns4.registrar-servers.com
Namecheap
IPv4 Addresses
95.141.37.127
IPv6 Addresses
2a02:29e0:1:103:103::1
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
freedns5.registrar-servers.com
Namecheap
IPv4 Addresses
54.36.109.15
IPv6 Addresses
2001:41d0:700:120f::1
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
freedns2.registrar-servers.com
Namecheap
IPv4 Addresses
199.119.202.76
IPv6 Addresses
2604:6600:0:1b::2
Authoritative
Non-Recursive
TCP
UDP
TTL: 172,800s (2 days)
Good. No nameservers allow recursive queries.
Warning
Warning: Mismatched both IPv4 and IPv6 records between parent and nameserver responses. This can cause inconsistent DNS resolution.
Mismatches found:
โข freedns2.registrar-servers.com:
IPv4: Parent has [199.119.202.75, 2604:6600:0:1b::2], Nameserver has [199.119.202.76]
IPv6: Parent has [], Nameserver has [2604:6600:0:1b::2]
Note: Your nameservers are not under your domain, so additional glue records are not required.
Good. The NS records at all your nameservers are identical.
Good. All nameservers listed at the parent server responded.
All NS records appear to be valid hostnames.
You have 5 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability.
Good. All nameservers are answering authoritatively for your domain.
Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6.
Good. All parent-listed nameservers are reported by your nameservers, as required by RFC1034 section 3.6.
Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3.
Good. Your nameservers are on different subnets, providing better redundancy as recommended by RFC2182 section 5.
Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035.
Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035.
Good. All DNS servers allow UDP connections, which is required for standard DNS queries.
Good. Your nameservers appear to be on different networks, providing better redundancy.
Good. All nameservers in your zone are properly registered at the parent. This ensures consistent DNS resolution for all users.
| Status | Test name | Information |
|---|---|---|
Nameserver Records from Zone | freedns1.registrar-servers.comNamecheap IPv4 Addresses 45.58.122.83 IPv6 Addresses 2605:9880:300:1400:101:1650:5e2:54 Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) freedns3.registrar-servers.comNamecheap IPv4 Addresses 195.154.94.174 IPv6 Addresses 2001:bc8:6006:4000:8218:44ff:feef:d720 Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) freedns4.registrar-servers.comNamecheap IPv4 Addresses 95.141.37.127 IPv6 Addresses 2a02:29e0:1:103:103::1 Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) freedns5.registrar-servers.comNamecheap IPv4 Addresses 54.36.109.15 IPv6 Addresses 2001:41d0:700:120f::1 Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) freedns2.registrar-servers.comNamecheap IPv4 Addresses 199.119.202.76 IPv6 Addresses 2604:6600:0:1b::2 Authoritative Non-Recursive TCP UDP TTL: 172,800s (2 days) | |
Open Recursive Queries | Good. No nameservers allow recursive queries. | |
Glue Record Consistency | Warning: Mismatched both IPv4 and IPv6 records between parent and nameserver responses. This can cause inconsistent DNS resolution.
Mismatches found:
โข freedns2.registrar-servers.com:
IPv4: Parent has [199.119.202.75, 2604:6600:0:1b::2], Nameserver has [199.119.202.76]
IPv6: Parent has [], Nameserver has [2604:6600:0:1b::2] | |
Missing Glue for NS Records | Note: Your nameservers are not under your domain, so additional glue records are not required. | |
Mismatched NS records | Good. The NS records at all your nameservers are identical. | |
DNS servers responded | Good. All nameservers listed at the parent server responded. | |
Name of nameservers are valid | All NS records appear to be valid hostnames. | |
Nameserver Redundancy Check | You have 5 nameservers. This meets the minimum requirement, though RFC2182 section 5 recommends at least 3 for better reliability. | |
Lame Delegation Check | Good. All nameservers are answering authoritatively for your domain. | |
Parent Missing Nameservers | Good. All NS records match between parent and nameservers, as required by RFC1034 section 3.6. | |
Zone Missing Nameservers | Good. All parent-listed nameservers are reported by your nameservers, as required by RFC1034 section 3.6. | |
CNAMEs at Apex Check | Good. No CNAME records found for NS records, as per RFC1912 section 2.4 and RFC2181 section 10.3. | |
NS IP Subnet Diversity | Good. Your nameservers are on different subnets, providing better redundancy as recommended by RFC2182 section 5. | |
NS IP Public Accessibility | Good. All nameserver IPs (both IPv4 and IPv6) are public, ensuring global accessibility as required by RFC1035. | |
DNS servers allow TCP connection | Good. All DNS servers allow TCP connections, which is required for larger DNS responses as per RFC1035. | |
DNS servers allow UDP connection | Good. All DNS servers allow UDP connections, which is required for standard DNS queries. | |
NS AS Diversity Check | Good. Your nameservers appear to be on different networks, providing better redundancy. | |
Stealth Nameserver Check | Good. All nameservers in your zone are properly registered at the parent. This ensures consistent DNS resolution for all users. |
Info
Primary Nameserver
freedns1.registrar-servers.com
Hostmaster Email
hostmaster.registrar-servers.com
Serial Number
1673189858
Non-Standard (Unix Timestamp)
A unique version number that changes whenever the zone file is updated
Time Intervals
Refresh43200 seconds (12 hours)
How often secondary nameservers check for updates (20m - 24h)
Retry3600 seconds (1 hours)
How long to wait before retrying a failed zone transfer (2m - 2h)
Expire604800 seconds (7 days)
How long secondary servers serve stale zone data (1w - 4w)
TTL3601 seconds (1 hours)
Default time-to-live for resource records (5m - 24h)
SOA Serial numbers per nameserver:
freedns1.registrar-servers.com: 1673189858
freedns3.registrar-servers.com: 1673189858
freedns4.registrar-servers.com: 1673189858
freedns5.registrar-servers.com: 1673189858
freedns2.registrar-servers.com: 1673189858
Good. All nameservers report the same SOA serial number.
Pass
OK. freedns1.registrar-servers.com is correctly listed as one of your nameservers.
Info
Your SOA serial number is: 1673189858.
Pass
OK. Your SOA REFRESH interval is: 43200 seconds (720 minutes). This is within the recommended range of 1200-43200 seconds as per RFC1912 section 2.2.
Pass
OK. Your SOA RETRY value is: 3600 seconds (60 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2.
Warning
Current expire time is 604800 seconds (7 days).
Warning: Common practice recommends a minimum of 14 days (1209600 seconds) to ensure secondary servers can continue serving during extended outages.
Pass
OK. Your SOA MINIMUM TTL is: 3601 seconds (60 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4.
| Status | Test name | Information |
|---|---|---|
SOA record | Primary Nameserverfreedns1.registrar-servers.com Hostmaster Emailhostmaster.registrar-servers.com Serial Number 1673189858 Non-Standard (Unix Timestamp) A unique version number that changes whenever the zone file is updated Time IntervalsRefresh43200 seconds (12 hours) How often secondary nameservers check for updates (20m - 24h) Retry3600 seconds (1 hours) How long to wait before retrying a failed zone transfer (2m - 2h) Expire604800 seconds (7 days) How long secondary servers serve stale zone data (1w - 4w) TTL3601 seconds (1 hours) Default time-to-live for resource records (5m - 24h) | |
SOA Serial Consistency | SOA Serial numbers per nameserver:
freedns1.registrar-servers.com: 1673189858
freedns3.registrar-servers.com: 1673189858
freedns4.registrar-servers.com: 1673189858
freedns5.registrar-servers.com: 1673189858
freedns2.registrar-servers.com: 1673189858
Good. All nameservers report the same SOA serial number. | |
SOA MNAME entry | OK. freedns1.registrar-servers.com is correctly listed as one of your nameservers. | |
SOA Serial | Your SOA serial number is: 1673189858. | |
SOA REFRESH | OK. Your SOA REFRESH interval is: 43200 seconds (720 minutes). This is within the recommended range of 1200-43200 seconds as per RFC1912 section 2.2. | |
SOA RETRY | OK. Your SOA RETRY value is: 3600 seconds (60 minutes). This is within the recommended range of 120-7200 seconds as per RFC1912 section 2.2. | |
SOA EXPIRE | Current expire time is 604800 seconds (7 days).
Warning: Common practice recommends a minimum of 14 days (1209600 seconds) to ensure secondary servers can continue serving during extended outages. | |
SOA MINIMUM TTL | OK. Your SOA MINIMUM TTL is: 3601 seconds (60 minutes). This value is used for negative caching and is within the recommended range of 180-86400 seconds as per RFC2308 section 4. |
IPv4 Configuration
Single IPv4 address configuration
IPv4 Addresses
145.40.17.108TTL: 180s
Provides a good balance between propagation speed and DNS loadInfo
Low TTL of 180 seconds provides quick propagation but may increase DNS load.
| Status | Test name | Information |
|---|---|---|
A Record Configuration | IPv4 ConfigurationSingle IPv4 address configuration IPv4 Addresses 145.40.17.108TTL: 180s Provides a good balance between propagation speed and DNS load | |
A Record TTL | Low TTL of 180 seconds provides quick propagation but may increase DNS load. |
Info
No AAAA (IPv6) records found. While not required, IPv6 support is recommended for future-proofing your domain and improving accessibility for IPv6 users.
| Status | Test name | Information |
|---|---|---|
IPv6 Support | No AAAA (IPv6) records found. While not required, IPv6 support is recommended for future-proofing your domain and improving accessibility for IPv6 users. |
All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery.
Mail Exchange Configuration
| Priority | Mail Server | Actions |
|---|---|---|
10 | mx1.simplelogin.co | |
20 | mx2.simplelogin.co |
All mail server hostnames are properly formatted.
All mail servers use public IP addresses, ensuring global email delivery.
Pass
Mail servers are properly configured without CNAME records.
Warning
Warning: The following IP addresses are shared between multiple mail servers:
176.119.200.136 is shared by: mx1.simplelogin.co, mx2.simplelogin.co
185.205.70.136 is shared by: mx1.simplelogin.co, mx2.simplelogin.co
This may indicate suboptimal mail handling distribution.
Reverse DNS Records
All Valid
| PTR Query | Hostname |
|---|---|
136.200.119.176.in-addr.arpa | mx1.simplelogin.co |
136.70.205.185.in-addr.arpa | mx1.simplelogin.co |
136.200.119.176.in-addr.arpa | mx1.simplelogin.co |
136.70.205.185.in-addr.arpa | mx1.simplelogin.co |
Proper reverse DNS records are essential for email deliverability. Mail servers often check if sending IPs have matching PTR records.
| Status | Test name | Information | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Mail Server Consistency | All nameservers are reporting the same mail server configuration. This consistency ensures reliable email delivery. | |||||||||||
Mail Server Configuration | Mail Exchange Configuration
| |||||||||||
Mail Server Hostname Validation | All mail server hostnames are properly formatted. | |||||||||||
Public IP Validation | All mail servers use public IP addresses, ensuring global email delivery. | |||||||||||
CNAME Validation | Mail servers are properly configured without CNAME records. | |||||||||||
IP Uniqueness | Warning: The following IP addresses are shared between multiple mail servers:
176.119.200.136 is shared by: mx1.simplelogin.co, mx2.simplelogin.co
185.205.70.136 is shared by: mx1.simplelogin.co, mx2.simplelogin.co
This may indicate suboptimal mail handling distribution. | |||||||||||
Reverse DNS Records | Reverse DNS RecordsAll Valid
Proper reverse DNS records are essential for email deliverability. Mail servers often check if sending IPs have matching PTR records. |
WWW record type: A
www.
A Record
IPv4 Addresses
Matches Apex
145.40.17.108| Status | Test name | Information |
|---|---|---|
WWW Configuration | WWW record type: A www. A Record IPv4 Addresses Matches Apex 145.40.17.108 |
Error
DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider.
Pass
Nameserver provider Namecheap is known to block zone transfers (AXFR). No test needed.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr
Warning
Warning: Wildcard DNS records found. This means any subdomain will resolve to an IP address, which could pose security risks.
Warning
Warning: Server does not return NXDOMAIN for non-existent domains. This could indicate misconfiguration or intentional wildcard records.
Info
No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain.
Checked 8 common subdomains โ none have external CNAME records. No subdomain takeover risk from dangling CNAMEs.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover
| Status | Test name | Information |
|---|---|---|
DNSSEC | DNSSEC validation failed. This indicates a problem with your DNSSEC configuration:
โข DNSKEY query failed with SERVFAIL
โข DS query failed with SERVFAIL
Please check your DNSSEC configuration with your DNS provider. | |
Zone Transfer | Nameserver provider Namecheap is known to block zone transfers (AXFR). No test needed.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#dns-zone-transfer-attack-axfr | |
Wildcard DNS | Warning: Wildcard DNS records found. This means any subdomain will resolve to an IP address, which could pose security risks. | |
NXDOMAIN Response | Warning: Server does not return NXDOMAIN for non-existent domains. This could indicate misconfiguration or intentional wildcard records. | |
CAA Records | No CAA records found. While optional, CAA records help control which Certificate Authorities can issue certificates for your domain. | |
Subdomain Takeover | Checked 8 common subdomains โ none have external CNAME records. No subdomain takeover risk from dangling CNAMEs.
Learn more: https://dnschkr.com/blog/dns-attacks-guide#subdomain-takeover |
Info
Click any row to copy the raw value
v | spf1 include:outbound.mailhop.org ~all |
Showing 1 of 1 record
Pass
Found SPF record: v=spf1 include:outbound.mailhop.org ~all
Warning
No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security.
| Status | Test name | Information | ||||
|---|---|---|---|---|---|---|
TXT Records | Click any row to copy the raw value
Showing 1 of 1 record | |||||
SPF Record | Found SPF record: v=spf1 include:outbound.mailhop.org ~all | |||||
DMARC Record | No DMARC record found. DMARC helps prevent email spoofing and provides reporting capabilities. Consider adding a DMARC record to improve email security. |