example.com — intoDNS · DNS Health Checker

Report for example.com

Generated 2026-05-02 04:26:50 EDT · 25 checks performed

88%

Health Score 1 errors · 1 warnings

✔ 21 Passed

⚠ 1 Warnings

✖ 1 Errors

ℹ 2 Info

Nameserver Configuration

Status	Check	Details & Recommendation
OK	NS Records	Found 2 NS record(s): hera.ns.cloudflare.com, elliott.ns.cloudflare.com NS records define which nameservers are authoritative for this domain.
OK	NS Redundancy	Good: 2 nameservers found. Redundancy is ensured. Multiple nameservers provide redundancy and load distribution.
OK	NS A Records	Nameservers resolved: hera.ns.cloudflare.com → 108.162.192.162, 172.64.32.162, 173.245.58.162 \| elliott.ns.cloudflare.com → 162.159.44.228, 108.162.195.228, 172.64.35.228 Nameservers must have valid A records to be reachable.
OK	NS Different Subnets	Nameservers appear to be on different subnets — good for resilience. Having nameservers on different IP subnets provides better fault tolerance.
OK	NS Connectivity	hera.ns.cloudflare.com is reachable at 173.245.58.162 Nameservers must be reachable to answer DNS queries.
OK	NS Connectivity	elliott.ns.cloudflare.com is reachable at 162.159.44.228 Nameservers must be reachable to answer DNS queries.

Zone / SOA Configuration

Status	Check	Details & Recommendation
OK	SOA Record	SOA: elliott.ns.cloudflare.com \| Contact: dns.cloudflare.com \| Serial: 2401773869 The SOA record is the primary record for your DNS zone and is required by RFC 1035.
OK	SOA Serial Format	Serial 2401773869 follows the recommended YYYYMMDDNN format. The YYYYMMDDNN format makes it easy to track when the zone was last updated.
OK	SOA Refresh	Refresh: 10000s — within recommended range (1200–43200). The refresh interval controls how often secondary nameservers check for zone updates.
OK	SOA Retry	Retry: 2400s — within recommended range (120–7200). The retry interval controls how often a secondary retries after a failed refresh.
OK	SOA Expire	Expire: 604800s — within recommended range (604800–2419200). The expire value defines how long a secondary will serve zone data without a successful refresh.
OK	SOA Minimum TTL	Minimum TTL: 1800s — within recommended range (300–86400). The minimum TTL is used for negative caching (NXDOMAIN responses).

DNS Address Records

Status	Check	Details & Recommendation
OK	A Records	IPv4: 172.66.147.243, 104.20.23.154 A records point your domain to IPv4 web server addresses.
OK	AAAA Records	IPv6: 2606:4700:10::6814:179a, 2606:4700:10::ac42:93f3 AAAA records provide IPv6 connectivity for your domain.
OK	WWW Record	www.example.com → 104.20.23.154, 172.66.147.243 www subdomain resolves correctly.

Mail Server (MX)

Status	Check	Details & Recommendation
OK	MX Records	Found 1 MX record(s): pri=0 MX records specify which mail servers accept email for your domain.
ERROR	MX A Record	MX host has no A record. Mail delivery will fail. Every MX host must have a valid A record. Without it, other mail servers cannot connect to deliver email.
WARN	MX Redundancy	Only 1 MX record. Consider adding a backup MX for redundancy. A backup MX with higher priority number ensures email is queued and delivered even if your primary mail server is down.

Email Authentication

Status	Check	Details & Recommendation
OK	SPF Record	SPF: v=spf1 -all SPF record found. This helps prevent email spoofing from your domain.
OK	SPF Policy	SPF uses -all (hardfail) — strong protection against spoofing. -all rejects email from unauthorized servers, providing the strongest SPF protection.
OK	DMARC Record	DMARC: v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s DMARC record found. This provides policy enforcement for email authentication.
OK	DMARC Policy	DMARC policy is "reject" — strongest protection. p=reject instructs receiving servers to reject email that fails DMARC checks.
OK	DKIM Record	DKIM found at selector 'default': v=DKIM1; p=… DKIM (DomainKeys Identified Mail) uses cryptographic signatures to verify that email was sent by an authorized server and was not tampered with. RFC 6376.

Other Records

Status	Check	Details & Recommendation
INFO	CAA Records	No CAA records found. Consider adding CAA records to restrict which CAs can issue SSL certificates for your domain. CAA (Certification Authority Authorization) records prevent unauthorized certificate authorities from issuing SSL/TLS certificates for your domain. RFC 6844.
INFO	Other TXT Records	_k2n1y4vw3qtb4skdx9e7dxt97qrmmq9 TXT records are used for various purposes including domain verification, email authentication, and other services.