X

DNS-problem - authoritative Nameserver refused, not defined or timeout

Checked:
15.05.2019 07:02:59


Older results


1. IP-Addresses

HostTIP-Addressis auth.∑ Queries∑ Timeout
gun-ice.co.uk
A
94.175.67.29
Hostname: cpc1-newt38-2-0-cust796.19-3.cable.virginm.net
yes
1
0

AAAA

yes


www.gun-ice.co.uk
A
94.175.67.29
Hostname: cpc1-newt38-2-0-cust796.19-3.cable.virginm.net
yes
1
0

AAAA

yes



2. DNSSEC

Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2019, 00:00:00, Signature-Inception: 11.05.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
uk
1 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2019, 22:00:00, Signature-Inception: 14.05.2019, 21:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 43056, Flags 256

Public Key with Algorithm 8, KeyTag 43876, Flags 257 (SEP = Secure Entry Point)

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 28.05.2019, 07:25:32, Signature-Inception: 14.05.2019, 07:02:05, KeyTag 43876, Signer-Name: uk

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 43876 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 43876, DigestType 2 and Digest "oQftKsG9FNkkFzvH6CehFTWCByOU+Scro34jU7xllgM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
co.uk
1 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 28.05.2019, 12:07:04, Signature-Inception: 14.05.2019, 11:58:13, KeyTag 43056, Signer-Name: uk

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 43056 used to validate the DS RRSet in the parent zone

1 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 33621, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 16.06.2019, 12:10:36, Signature-Inception: 12.05.2019, 11:59:55, KeyTag 33621, Signer-Name: co.uk

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 33621 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 33621, DigestType 2 and Digest "uRmdi3/KcQfXjEGNHRvJ6f6dm5sYe9E8ltxLZYJCXNg=" validates local Key with the same values
gun-ice.co.uk
0 DS RR in the parent zone found

DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed domain name between the hashed NSEC3-owner and the hashed NextOwner. So the parent zone confirmes the non-existence of a DS RR.

0 DNSKEY RR found


www.gun-ice.co.uk
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
www.gun-ice.co.uk
  ns.microlite1.com

gun-ice.co.uk
  ns.microlite1.com
109.75.167.7

U  ns2.microlite1.com
109.75.167.11
co.uk
  dns1.nic.uk


  dns2.nic.uk


  dns3.nic.uk


  dns4.nic.uk


  nsa.nic.uk


  nsb.nic.uk


  nsc.nic.uk


  nsd.nic.uk

uk
  dns1.nic.uk


  dns2.nic.uk


  dns3.nic.uk


  dns4.nic.uk


  nsa.nic.uk


  nsb.nic.uk


  nsc.nic.uk


  nsd.nic.uk


4. SOA-Entries


Domain:uk
Primary:dns1.nic.uk
Mail:hostmaster.nic.uk
Serial:1404163692
Refresh:7200
Retry:900
Expire:2419200
TTL:10800
num Entries:8


Domain:co.uk
Primary:dns1.nic.uk
Mail:hostmaster.nominet.org.uk
Serial:1307916464
Refresh:900
Retry:300
Expire:2419200
TTL:10800
num Entries:2


Domain:co.uk
Primary:dns1.nic.uk
Mail:hostmaster.nominet.org.uk
Serial:1307916465
Refresh:900
Retry:300
Expire:2419200
TTL:10800
num Entries:6


Domain:gun-ice.co.uk
Primary:ns.microlite1.com
Mail:root.microlite1.com
Serial:1085240522
Refresh:10800
Retry:3600
Expire:604800
TTL:3840
num Entries:1


Domain:www.gun-ice.co.uk
Primary:ns.microlite1.com
Mail:root.microlite1.com
Serial:1085240522
Refresh:10800
Retry:3600
Expire:604800
TTL:3840
num Entries:1


5. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://gun-ice.co.uk/
94.175.67.29
200

1.190
H
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 15 May 2019 05:02:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Link: <http://gun-ice.co.uk/index.php?rest_route=/>; rel="https://api.w.org/",<http://gun-ice.co.uk/>; rel=shortlink
Vary: Accept-Encoding

• http://www.gun-ice.co.uk/
94.175.67.29
404

0.120
M
Not Found
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 15 May 2019 05:02:55 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 281
Connection: close

• https://gun-ice.co.uk/
94.175.67.29
404

0.530
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 15 May 2019 05:04:33 GMT
Connection: close
Content-Length: 315

• https://www.gun-ice.co.uk/
94.175.67.29
404

0.520
N
Not Found
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 15 May 2019 05:04:33 GMT
Connection: close
Content-Length: 315

• http://gun-ice.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
94.175.67.29
404

0.113
A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.18 (Ubuntu) Server at gun-ice.co.uk Port 80
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 15 May 2019 05:02:57 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 346
Connection: close

• http://www.gun-ice.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
94.175.67.29
404

0.110
A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.18 (Ubuntu) Server at www.gun-ice.co.uk Port 80
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 15 May 2019 05:02:57 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 350
Connection: close

6. Comments

Aname "gun-ice.co.uk" is domain, public suffix is "co.uk", top-level-domain-type is "country-code", Country is United Kingdom of Great Britain and Northern Ireland, tld-manager is "Nominet UK"
Agood: All ip addresses are public addresses
Agood - only one version with Http-Status 200
AGood: All urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset)
Hfatal error: No https - result with http-status 200, no encryption
HFatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
Mhttp://www.gun-ice.co.uk/ 94.175.67.29
404

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://gun-ice.co.uk/ 94.175.67.29
404

Misconfiguration - main pages should never send http status 400 - 499
Mhttps://www.gun-ice.co.uk/ 94.175.67.29
404

Misconfiguration - main pages should never send http status 400 - 499
Nhttps://gun-ice.co.uk/ 94.175.67.29
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Nhttps://www.gun-ice.co.uk/ 94.175.67.29
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
XFatal error: Nameserver isn't defined or has timeout
XFatal error: Nameserver doesn't support TCP connection: ns2.microlite1.com / 109.75.167.11: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - No connection could be made because the target machine actively refused it 109.75.167.11:53
XNameserver Timeout checking Echo Capitalization: ns2.microlite1.com / 109.75.167.11
XNameserver Timeout checking EDNS512: ns2.microlite1.com / 109.75.167.11
Nameserver doesn't pass all EDNS-Checks: dns1.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: dns1.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: dns2.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: dns2.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: dns3.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: dns3.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: dns4.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: dns4.nic.uk: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: ok. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns2.microlite1.com / 109.75.167.11: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, there must be a certificate. But the certificate may be expired or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
AInfo: Different Server-Headers found
ADuration: 95734 milliseconds, 95.734 seconds


7. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
gun-ice.co.uk
94.175.67.29
443
Certificate/chain invalid and wrong name
Tls12
DiffieHellman
2048
Aes256
256
Sha384
error checking OCSP stapling
ok
gun-ice.co.uk
94.175.67.29
443
Certificate/chain invalid and wrong name
Tls12
DiffieHellman
2048
Aes256
256
Sha384
error checking OCSP stapling
ok
Self signed certificate
1CN=Windows Media Player Network Sharing Service (DESKTOP-RN8L830)
www.gun-ice.co.uk
94.175.67.29
443
Certificate/chain invalid and wrong name
Tls12
DiffieHellman
2048
Aes256
256
Sha384
error checking OCSP stapling
ok
www.gun-ice.co.uk
94.175.67.29
443
Certificate/chain invalid and wrong name
Tls12
DiffieHellman
2048
Aes256
256
Sha384
error checking OCSP stapling
ok
Self signed certificate
1CN=Windows Media Player Network Sharing Service (DESKTOP-RN8L830)


8. Certificates

1.
1.
CN=Windows Media Player Network Sharing Service (DESKTOP-RN8L830)
16.01.2019
16.01.2119
expires in 36311 days

1.
1.
CN=Windows Media Player Network Sharing Service (DESKTOP-RN8L830)
16.01.2019

16.01.2119
expires in 36311 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:2656D6DFD22B51BB4104343BEDBEA230
Thumbprint:CA65D45F1F4E97611F696AEAA2E31CFB5EEDAC8C
SHA256 / Certificate:M6C+lQaOkua/8Y77dwFN9DRaDazQqpJHK3UngYpW9y8=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):234369243c79134aad4e1c96a7ff332dcda8a8d0bfe6c7c14b92e168e19292a4
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no

UntrustedRoot: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


9. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
0
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
911733850
leaf cert
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-05-14 15:45:16
2019-08-12 15:45:16
gun-ice.co.uk - 1 entries



2. Source crt.sh - old and new certificates, sometimes very slow.

No CRT - CT-Log entries found


10. Html-Content - Entries (BETA - mixed content and other checks)

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://gun-ice.co.uk/
94.175.67.29
meta
other
1

0






https://www.gun-ice.co.uk/
94.175.67.29
meta
other
1

0






Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://gun-ice.co.uk/
94.175.67.29
meta
Content-Type
text/html; charset=us-ascii


1
ok


https://www.gun-ice.co.uk/
94.175.67.29
meta
Content-Type
text/html; charset=us-ascii


1
ok



11. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.gun-ice.co.uk
0

no CAA entry found
1
0
gun-ice.co.uk
0

no CAA entry found
1
0
co.uk
0

no CAA entry found
1
0
uk
0

no CAA entry found
1
0


12. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
gun-ice.co.uk
94.175.67.29
ok
1
0
www.gun-ice.co.uk

ok
1
0
_acme-challenge.gun-ice.co.uk

Name Error - The domain name does not exist
1
0
_acme-challenge.www.gun-ice.co.uk

Name Error - The domain name does not exist
1
0
_acme-challenge.gun-ice.co.uk.gun-ice.co.uk

Name Error - The domain name does not exist
1
0
_acme-challenge.www.gun-ice.co.uk.gun-ice.co.uk

Name Error - The domain name does not exist
1
0
_acme-challenge.www.gun-ice.co.uk.www.gun-ice.co.uk

Name Error - The domain name does not exist
1
0


13. Portchecks (BETA)

No Port informations found. The feature is new (startet 2019-07-09), so recheck this domain.



Permalink: https://check-your-website.server-daten.de/?i=dec6d89f-de58-4ca8-999d-212274b387a4


Last Result: https://check-your-website.server-daten.de/?q=gun-ice.co.uk - 2019-05-15 07:02:59


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=gun-ice.co.uk" target="_blank">Check this Site: gun-ice.co.uk</a>