| Category | Status | Test name | Information send feedback | 
|---|---|---|---|
| Parent |  | Domain NS records | Nameserver records returned by the parent servers are: ernest.ns.cloudflare.com. ['108.162.193.164', '172.64.33.164', '173.245.59.164'] [TTL=172800] hazel.ns.cloudflare.com. ['108.162.194.157', '162.159.38.157', '172.64.34.157'] [TTL=172800] l.gtld-servers.net was kind enough to give us that information. 
 | 
|  | TLD Parent Check | Good. l.gtld-servers.net, the parent server I interrogated, has information for your TLD. This is a good thing as there are some other domain extensions like "co.us" for example that are missing a direct check. | |
|  | Your nameservers are listed | Good. The parent server l.gtld-servers.net has your nameservers listed. This is a must if you want to be found as anyone that does not know your DNS servers will first ask the parent nameservers. | |
|  | DNS Parent sent Glue | Good. The parent nameserver sent GLUE, meaning he sent your nameservers as well as the IPs of your nameservers. Glue records are A records that are associated with NS records to provide "bootstrapping" information to the nameserver.(see RFC 1912 section 2.3) | |
|  | Nameservers A records | Good. Every nameserver listed has A records. This is a must if you want to be found. | |
| NS |  | NS records from your nameservers | NS records got from your nameservers listed at the parent NS are: ernest.ns.cloudflare.com ['173.245.59.164', '172.64.33.164', '108.162.193.164'] [TTL=86400] hazel.ns.cloudflare.com ['108.162.194.157', '162.159.38.157', '172.64.34.157'] [TTL=86400] | 
|  | Recursive Queries | Good. Your nameservers (the ones reported by the parent server) do not report that they allow recursive queries for anyone. | |
|  | Same Glue | The A records (the GLUE) got from the parent zone check are the same as the ones got from your nameservers. You have to make sure your parent server has the same NS records for your zone as you do according to the RFC. This tests only nameservers that are common at the parent and at your nameservers. If there are any missing or stealth nameservers you should see them below! | |
|  | Glue for NS records | INFO: GLUE was not sent when I asked your nameservers for your NS records.This is ok but you should know that in this case an extra A record lookup is required in order to get the IPs of your NS records. The nameservers without glue are: 173.245.59.164 172.64.34.157 You can fix this for example by adding A records to your nameservers for the zones listed above. | |
|  | Mismatched NS records | OK. The NS records at all your nameservers are identical. | |
|  | DNS servers responded | Good. All nameservers listed at the parent server responded. | |
|  | Name of nameservers are valid | OK. All of the NS records that your nameservers report seem valid. | |
|  | Multiple Nameservers | Good. You have multiple nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me. | |
|  | Nameservers are lame | OK. All the nameservers listed at the parent servers answer authoritatively for your domain. | |
|  | Missing nameservers reported by parent | OK. All NS records are the same at the parent and at your nameservers. | |
|  | Missing nameservers reported by your nameservers | OK. All nameservers returned by the parent server l.gtld-servers.net are the same as the ones reported by your nameservers. | |
|  | Domain CNAMEs | OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. | |
|  | NSs CNAME check | OK. RFC1912 2.4 and RFC2181 10.3 state that there should be no CNAMEs if an NS (or any other) record is present. | |
|  | Different subnets | OK. Looks like you have nameservers on different subnets! | |
|  | IPs of nameservers are public | Ok. Looks like the IP addresses of your nameservers are public. This is a good thing because it will prevent DNS delays and other problems like | |
|  | DNS servers allow TCP connection | OK. Seems all your DNS servers allow TCP connections. This is a good thing and useful even if UDP connections are used by default. | |
|  | Different autonomous systems | OK. It seems you are safe from a single point of failure. You must be careful about this and try to have nameservers on different locations as it can prevent a lot of problems if one nameserver goes down. | |
|  | Stealth NS records sent | Ok. No stealth ns records are sent | |
| SOA |  | SOA record | The SOA record is: Primary nameserver: ernest.ns.cloudflare.com Hostmaster E-mail address: dns.cloudflare.com Serial #: 2386781519 Refresh: 10000 Retry: 2400 Expire: 604800 1 weeks Default TTL: 1800 | 
|  | NSs have same SOA serial | OK. All your nameservers agree that your SOA serial number is 2386781519. | |
|  | SOA MNAME entry | OK. ernest.ns.cloudflare.com That server is listed at the parent servers. | |
|  | SOA Serial | Your SOA serial number is: 2386781519. This can be ok if you know what you are doing. | |
|  | SOA REFRESH | OK. Your SOA REFRESH interval is: 10000. That is OK | |
|  | SOA RETRY | Your SOA RETRY value is: 2400. Looks ok | |
|  | SOA EXPIRE | Your SOA EXPIRE number is: 604800.Looks ok | |
|  | SOA MINIMUM TTL | Your SOA MINIMUM TTL is: 1800. This value was used to serve as a default TTL for records without a given TTL value and now is used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours. Your value of 1800 is OK. | |
| MX |  | MX Records | Oh well, I did not detect any MX records so you probably don't have any and if you know you should have then they may be missing at your nameservers! | 
| WWW |  | WWW A Record | Your www.theleatherable.com A record is: www.theleatherable.com [104.21.71.99] [172.67.144.95] | 
|  | IPs are public | OK. All of your WWW IPs appear to be public IPs. | |
|  | WWW CNAME | OK. No CNAME | 
Processed in 0.115 seconds.


