Shortcuts: 1. Basic DNS | 2. Url-Checks | 3. Comments | 4. Connections | 5. Certificates | 6. CT-Logs | 7. Html-Content | 8. CAA | 9. TXT |


X

DNS-problem - authoritative Nameserver refused, not defined or timeout

Checked:
14.05.2019 15:05:44


Older results

No older results found

1. Basic DNS and Nameserver Checks

HostTIP-Addressis auth.∑ Queries∑ Timeout
danielchong.asuscomm.com
A
58.182.8.72
yes
1
0

AAAA

yes


www.danielchong.asuscomm.com

Refused
yes
1
0


Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2019, 00:00:00, Signature-Inception: 11.05.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
com
1 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2019, 05:00:00, Signature-Inception: 14.05.2019, 04:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 3800, Flags 256

Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2019, 18:25:33, Signature-Inception: 12.05.2019, 18:20:33, KeyTag 30909, Signer-Name: com

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
asuscomm.com
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


danielchong.asuscomm.com
0 DS RR in the parent zone found

0 DNSKEY RR found


www.danielchong.asuscomm.com
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.danielchong.asuscomm.com
 

danielchong.asuscomm.com
U  ns1.asuscomm.com
103.10.4.108
asuscomm.com
U  ns1.asuscomm.com

com
  a.gtld-servers.net


  b.gtld-servers.net


  c.gtld-servers.net


  d.gtld-servers.net


  e.gtld-servers.net


  f.gtld-servers.net


  g.gtld-servers.net


  h.gtld-servers.net


  i.gtld-servers.net


  j.gtld-servers.net


  k.gtld-servers.net


  l.gtld-servers.net


  m.gtld-servers.net



SOA - records (beta)

Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557839117
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557839117
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557839132
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:11


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557839132
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:11


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557839147
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:com
Primary:a.gtld-servers.net
Mail:nstld.verisign-grs.com
Serial:1557839147
Refresh:1800
Retry:900
Expire:604800
TTL:86400
num Entries:1


Domain:asuscomm.com
Primary:ns1.asuscomm.com
Mail:chris1_wang.asuscomm.com
Serial:42
Refresh:28800
Retry:7200
Expire:604800
TTL:30
num Entries:1


Domain:danielchong.asuscomm.com
Primary:ns1.asuscomm.com
Mail:chris1_wang.asuscomm.com
Serial:42
Refresh:28800
Retry:7200
Expire:604800
TTL:30
num Entries:1


2. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://danielchong.asuscomm.com/
58.182.8.72
-2

1.600
V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 58.182.8.72:80

• https://danielchong.asuscomm.com/
58.182.8.72
401

2.676
N
Unauthorized
Certificate error: RemoteCertificateChainErrors
Content-Type: text/html
Content-Length: 11462
Connection: close
X-Frame-Options: SAMEORIGIN
Date: Tue, 14 May 2019 13:06:41 GMT
Server: lighttpd/1.4.39

• http://danielchong.asuscomm.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
58.182.8.72
-2

1.610
V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 58.182.8.72:80
Visible Content:

3. Comments

Aname "danielchong.asuscomm.com" is subdomain, public suffix is "com", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services"
Agood: All ip addresses are public addresses
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (1 urls)
https://danielchong.asuscomm.com/ 58.182.8.72


Url with incomplete Content-Type - header - missing charset
CError - no version with Http-Status 200
Hfatal error: No https - result with http-status 200, no encryption
Mhttps://danielchong.asuscomm.com/ 58.182.8.72
401

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://danielchong.asuscomm.com/ 58.182.8.72
401

Error - Certificate isn't trusted, RemoteCertificateChainErrors
Vhttp://danielchong.asuscomm.com/ 58.182.8.72
-2

connect failure - perhaps firewall
Vhttp://danielchong.asuscomm.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 58.182.8.72
-2

connect failure - perhaps firewall
XFatal error: Nameserver isn't defined or has timeout
XFatal error: Nameserver doesn't support TCP connection: ns1.asuscomm.com: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - No connection could be made because the target machine actively refused it 103.10.4.108:53
XFatal error: Nameserver doesn't support TCP connection: ns1.asuscomm.com / 103.10.4.108: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - No connection could be made because the target machine actively refused it 103.10.4.108:53
AGood: Nameserver supports Echo Capitalization: 1 good Nameserver
XFatal error: Nameserver doesn't support EDNS with max. 512 Byte Udp payload or sends more then 512 Bytes: ns1.asuscomm.com

Nameserver doesn't pass all EDNS-Checks: ns1.asuscomm.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: ns1.asuscomm.com / 103.10.4.108: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
ADuration: 68020 milliseconds, 68.020 seconds


4. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
danielchong.asuscomm.com
58.182.8.72
443
Certificate/chain invalid
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Chain - incomplete
1CN=danielchong.asuscomm.com


5. Certificates

1.
1.
CN=danielchong.asuscomm.com
07.02.2019
08.05.2019
18 days expired
danielchong.asuscomm.com - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0348BD41FA16BBEDF2B5A138BDC6AC95DE4D
Thumbprint:E4B6CA16B52B6E99AB21015AF316FF57C67255A5
SHA256 / Certificate:SXXTveovOMWUFMbLeLozpguEK3VCS9iDW6U9tswEs6Y=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):cdca1772ac7edef7a88ba635b8d7133734ed0dc167877f76079c5b31386a3c3e
OCSP - Url:http://ocsp.int-x3.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes

NotTimeValid: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016
17.03.2021
expires in 661 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A0141420000015385736A0B85ECA708
Thumbprint:E6A3B45B062D509B3382282D196EFE97D5956CCB
SHA256 / Certificate:JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=
SHA256 hex / Cert (DANE * 0 1):25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
SHA256 hex / PublicKey (DANE * 1 1):60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
OCSP - Url:http://isrg.trustid.ocsp.identrust.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000
30.09.2021
expires in 858 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:44AFB080D6A327BA893039862EF8406B
Thumbprint:DAC9024F54D8F6DF94935FB1732638CA6AD77C13
SHA256 / Certificate:BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk=
SHA256 hex / Cert (DANE * 0 1):0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
SHA256 hex / PublicKey (DANE * 1 1):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



6. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
1
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
884591187
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-28 09:28:16
2019-07-27 09:28:16
danielchong.asuscomm.com
1 entries



2. Source crt.sh - old and new certificates, sometimes very slow.

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
1
2

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1426239825
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-04-28 07:28:16
2019-07-27 07:28:16
danielchong.asuscomm.com
1 entries


1180611185
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-02-07 02:54:06
2019-05-08 01:54:06
danielchong.asuscomm.com
1 entries



7. Html-Content - Entries (BETA - mixed content and other checks)

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://danielchong.asuscomm.com/
58.182.8.72
link
other
2
116,995 Bytes
0
2
0





meta
apple
2

0







meta
other
5

0







script

2
1,534 Bytes
0
2
0




Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://danielchong.asuscomm.com/
58.182.8.72
link
apple-touch-icon
/smb/css/appicon.png
200
3250 Bytes

1
ok



link
apple-touch-startup-image
/smb/css/startup.png
200
113745 Bytes

1
ok



meta
Cache-control
no-cache


1
ok



meta
Content-Type
text/html; charset=utf-8


1
ok



meta
X-UA-Compatible
IE=edge


2
ok



meta
apple-mobile-web-app-capable
yes


1
ok



meta
apple-mobile-web-app-status-bar-style
black


1
ok



meta
viewport
width=device-width, minimum-scale=1.0, maximum-scale=1, user-scalable=no


1
ok



script
src
/smb/js/davclient_tools.js
200
565 Bytes

1
ok



script
src
/smb/js/tools.js
200
969 Bytes

1
ok



8. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
danielchong.asuscomm.com
0

no CAA entry found
1
0
asuscomm.com
0

no CAA entry found
1
0
com
0

no CAA entry found
1
0


9. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
danielchong.asuscomm.com

ok
1
0
_acme-challenge.danielchong.asuscomm.com

Name Error - The domain name does not exist
1
0
_acme-challenge.danielchong.asuscomm.com.danielchong.asuscomm.com

Refused - The name server refuses to perform the specified operation for policy reasons
1
0



Permalink: https://check-your-website.server-daten.de/?i=c97ef295-baa8-426e-baf5-24c5f103e107


Last Result: https://check-your-website.server-daten.de/?q=danielchong.asuscomm.com - 2019-05-14 15:05:44