Shortcuts: 1. Basic DNS | 2. Url-Checks | 3. Comments | 4. Connections | 5. Certificates | 6. CT-Logs | 7. Html-Content | 8. CAA | 9. TXT |


X

DNS-problem - authoritative Nameserver refused, not defined or timeout

Checked:
12.03.2019 04:02:55


Older results

1. Basic DNS and Nameserver Checks

HostTIP-Addressis auth.∑ Queries∑ Timeout
lapizcorto.es

Refused
yes
1
0
www.lapizcorto.es

Refused
yes
1
0
lapizcorto.es
A
46.105.228.190
no


www.lapizcorto.es
A
46.105.228.190
no



Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

3 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 16749, Flags 256

Public Key with Algorithm 8, KeyTag 19164, Flags 385

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

2 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 23.03.2019, 00:00:00, Signature-Inception: 02.03.2019, 00:00:00, KeyTag 19164, Signer-Name: (root)

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 23.03.2019, 00:00:00, Signature-Inception: 02.03.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 19164 used to validate the DNSKEY RRSet

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
es
2 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.03.2019, 17:00:00, Signature-Inception: 11.03.2019, 16:00:00, KeyTag 16749, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 16749 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 489, Flags 256

Public Key with Algorithm 8, KeyTag 29450, Flags 257 (SEP = Secure Entry Point)

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 21.03.2019, 05:58:51, Signature-Inception: 07.03.2019, 07:44:57, KeyTag 29450, Signer-Name: es

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 29450 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 29450, DigestType 1 and Digest "QXvq+0ar80MLdcXCmu94XUdrYOE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 29450, DigestType 2 and Digest "i+wyosnP5C45O6+B/+cbUh0+lAYSpFkLR2OtxTnktWM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
lapizcorto.es
0 DS RR in the parent zone found

0 DNSKEY RR found


www.lapizcorto.es
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.lapizcorto.es
 

lapizcorto.es
  ns1.webalge.com
178.33.235.187

  ns2.webalge.com
87.98.147.49
es
  a.nic.es


  f.nic.es


  g.nic.es / 5.fra.pch


  ns1.cesca.es


  ns-es.nic.fr / dns.fra.nic.fr


  ns-ext.nic.cl / ns-ext.nic.cl 1


  sns-pb.isc.org / pb-ams-ns2.sns.isc.org



SOA - records (beta)

Domain:es
Primary:ns1.nic.es
Mail:hostmaster.nic.es
Serial:2019031106
Refresh:7200
Retry:7200
Expire:2592000
TTL:86400
num Entries:1


Domain:es
Primary:ns1.nic.es
Mail:hostmaster.nic.es
Serial:2019031201
Refresh:7200
Retry:7200
Expire:2592000
TTL:86400
num Entries:6


2. Url-Checks


show header:
Domainname Http-StatusredirectSec.G
• http://lapizcorto.es/
46.105.228.190
302
https://www.lapizcorto.es/
0.056
E
Date: Tue, 12 Mar 2019 03:03:17 GMT
Server: Apache
Location: https://www.lapizcorto.es/
Content-Length: 210
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.lapizcorto.es/
46.105.228.190
302
https://www.lapizcorto.es/
0.053
A
Date: Tue, 12 Mar 2019 03:03:17 GMT
Server: Apache
Location: https://www.lapizcorto.es/
Content-Length: 210
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://lapizcorto.es/
46.105.228.190
200

1.584
N
Certificate error: RemoteCertificateNameMismatch
Date: Tue, 12 Mar 2019 03:03:18 GMT
Server: Apache
Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
Accept-Ranges: bytes
Content-Length: 163
Connection: close
Content-Type: text/html

• https://www.lapizcorto.es/
46.105.228.190
200

1.343
N
Certificate error: RemoteCertificateNameMismatch
Date: Tue, 12 Mar 2019 03:03:19 GMT
Server: Apache
Last-Modified: Wed, 30 Jan 2019 02:06:03 GMT
Accept-Ranges: bytes
Content-Length: 163
Connection: close
Content-Type: text/html

• http://lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
46.105.228.190
302
https://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.060
E
Visible Content: Found The document has moved here .
Date: Tue, 12 Mar 2019 03:03:20 GMT
Server: Apache
Location: https://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Length: 279
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
46.105.228.190
302
https://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.053
A
Visible Content: Found The document has moved here .
Date: Tue, 12 Mar 2019 03:03:21 GMT
Server: Apache
Location: https://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Length: 279
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

404

2.853
N
Not Found
Certificate error: RemoteCertificateNameMismatch
Visible Content: 404 Not Found Please forward this error screen to www.lapizcorto.es's WebMaster . The server can not find the requested page: www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (port 443) Copyright © 2016 cPanel, Inc.
Date: Tue, 12 Mar 2019 03:03:22 GMT
Server: Apache
Accept-Ranges: bytes
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

3. Comments

Aname "lapizcorto.es" is domain, public suffix is "es", top-level-domain-type is "country-code", Country is Spain, tld-manager is "Red.es"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
Agood: destination is https
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):0 complete Content-Type - header (3 urls)
https://lapizcorto.es/ 46.105.228.190


Url with incomplete Content-Type - header - missing charset
https://www.lapizcorto.es/ 46.105.228.190


Url with incomplete Content-Type - header - missing charset
https://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de


Url with incomplete Content-Type - header - missing charset
Ahttp://www.lapizcorto.es/ 46.105.228.190
302
https://www.lapizcorto.es/
correct redirect http - https with the same domain name
Bhttps://lapizcorto.es/ 46.105.228.190
200

Missing HSTS-Header
Bhttps://www.lapizcorto.es/ 46.105.228.190
200

Missing HSTS-Header
CError - more then one version with Http-Status 200
CError - no preferred version www or non-www
Ehttp://lapizcorto.es/ 46.105.228.190
302
https://www.lapizcorto.es/
wrong redirect one domain http to other domain https - first redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security).
Nhttps://lapizcorto.es/ 46.105.228.190
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://www.lapizcorto.es/ 46.105.228.190
200

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
Nhttps://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404

Error - Certificate isn't trusted, RemoteCertificateNameMismatch
XFatal error: Nameserver doesn't support TCP connection: ns2.webalge.com / 87.98.147.49: Refused
XFatal error: Nameserver doesn't support TCP connection: ns1.webalge.com / 178.33.235.187: Refused
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 5 good Nameserver

Nameserver doesn't pass all EDNS-Checks: ns1.webalge.com / 178.33.235.187: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. FLAGS: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns2.webalge.com / 87.98.147.49: OP100: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. FLAGS: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. COOKIE: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: ns-es.nic.fr: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (dns.fra.nic.fr). COOKIE: SOA expected, but NOT found, NOERR expected, BADVER found, Version 0 expectend and found. CLIENTSUBNET: ok.
Nameserver doesn't pass all EDNS-Checks: sns-pb.isc.org: OP100: ok. FLAGS: ok. V1: ok. V1OP100: ok. V1FLAGS: ok. DNSSEC: ok. V1DNSSEC: ok. NSID: SOA expected, but NOT found, NOERR expectend and NOERR found, Version 0 expectend and found (pb-ams-ns2.sns.isc.org). COOKIE: fatal timeout. CLIENTSUBNET: ok.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
https://www.lapizcorto.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
404
2.853 seconds
Warning: 404 needs more then one second
ADuration: 28104 milliseconds, 28.104 seconds


4. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
lapizcorto.es
46.105.228.190
443
name does not match
Tls12
ECDH Ephermal
384
Aes256
256
Sha384
supported
ok
www.lapizcorto.es
46.105.228.190
443
name does not match
Tls12
ECDH Ephermal
384
Aes256
256
Sha384
supported
ok


5. Certificates

1.
1.
CN=ip190.ip-46-105-228.eu, OU=PositiveSSL, OU=Domain Control Validated
25.12.2018
26.12.2019
expires in 215 days
ip190.ip-46-105-228.eu, www.ip190.ip-46-105-228.eu - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:37A47DEE8337FB34CA832845A7D59EAB
Thumbprint:BEB13814223F25F865DCE97F1882427B18EF411E
SHA256 / Certificate:fXIhN1CEDltyvtnfQ9Bb0kOlRLwIMmY2vRVdq/hLlqk=
SHA256 hex / Cert (DANE * 0 1):7d72213750840e5b72bed9df43d05bd243a544bc08326636bd155dabf84b96a9
SHA256 hex / PublicKey (DANE * 1 1):6417a37af6607940aa47e85101bc958236021a8b523a141c9a3cefedf924ab58
OCSP - Url:http://ocsp.comodoca.com
OCSP - must staple:no
Certificate Transparency:yes


2.
CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, S=TX, C=US
18.05.2015
18.05.2025
expires in 2185 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:00F01D4BEE7B7CA37B3C0566AC05972458
Thumbprint:764D2FA59ED123F9C95570C403C92FEF338EA745
SHA256 / Certificate:ghzFXOfsXHT+u0L2JOtqNsR4IVox7Wfjz3I6Z+jHXro=
SHA256 hex / Cert (DANE * 0 1):821cc55ce7ec5c74febb42f624eb6a36c478215a31ed67e3cf723a67e8c75eba
SHA256 hex / PublicKey (DANE * 1 1):84e175ba988efb17af9c3110d77837698dccdd4a9ae3844de6b565c2f536582f
OCSP - Url:http://ocsp.comodoca.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
30.05.2000
30.05.2020
expires in 371 days


KeyalgorithmRSA encryption (4096 bit)
Signatur:SHA384 With RSA Encryption
Serial Number:2766EE56EB49F38EABD770A2FC84DE22
Thumbprint:F5AD0BCC1AD56CD150725B1C866C30AD92EF21B0
SHA256 / Certificate:TzLV3AD3FSUKvMSGUR439QGomd6zv36orbvTrvHEEto=
SHA256 hex / Cert (DANE * 0 1):4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da
SHA256 hex / PublicKey (DANE * 1 1):82b5f84daf47a59c7ab521e4982aefa40a53406a3aec26039efa6b2e0e7244c1
OCSP - Url:http://ocsp.usertrust.com
OCSP - must staple:no
Certificate Transparency:no


4.
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
30.05.2000
30.05.2020
expires in 371 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:01
Thumbprint:02FAF3E291435468607857694DF5E45B68851868
SHA256 / Certificate:aH+kUTgieP/wyLEfjUPVdmccbrK86rQT+4PZZdBtL/I=
SHA256 hex / Cert (DANE * 0 1):687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2
SHA256 hex / PublicKey (DANE * 1 1):942a6916a6e4ae527711c5450247a2a74fb8e156a8254ca66e739a11493bb445
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



6. Last Certificates - Certificate Transparency Log Check (BETA)

1. Source CertSpotter - active certificates

No CertSpotter - Certificate-Transparency-Log informations found. The feature is new (startet 2019-05-07), so recheck this domain.


2. Source crt.sh - old and new certificates, sometimes very slow.

No Certificate-Transparency-Log informations found. The feature is new (startet 2019-03-21), so recheck this domain.


7. Html-Content - Entries (BETA - mixed content and other checks)

Summary

Subresource Integrity (SRI)
DomainnameHtmlElementrel/property∑ size∑ problems∑ int.∑ ext.∑ Origin poss.∑ SRI ParseErrors∑ SRI valid∑ SRI missing
https://lapizcorto.es/
46.105.228.190
meta
other
2

0






https://www.lapizcorto.es/
46.105.228.190
meta
other
2

0






Details

DomainnameHtml-Elementname/equiv/ property/relhref/src/contentHttpStatusmsgStatus
https://lapizcorto.es/
46.105.228.190
meta
Cache-control
no-cache


1
ok



meta
refresh
0;URL=/cgi-sys/defaultwebpage.cgi


1
ok


https://www.lapizcorto.es/
46.105.228.190
meta
Cache-control
no-cache


1
ok



meta
refresh
0;URL=/cgi-sys/defaultwebpage.cgi


1
ok



8. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
lapizcorto.es
-5

Refused - The name server refuses to perform the specified operation for policy reasons
1
0
es
0

no CAA entry found
1
0


9. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
lapizcorto.es

Refused - The name server refuses to perform the specified operation for policy reasons
1
0
_acme-challenge.lapizcorto.es

Refused - The name server refuses to perform the specified operation for policy reasons
1
0
_acme-challenge.lapizcorto.es.lapizcorto.es

Refused - The name server refuses to perform the specified operation for policy reasons
1
0



Permalink: https://check-your-website.server-daten.de/?i=8fdd511c-b419-4670-a4b4-e92f3d60ecf0


Last Result: https://check-your-website.server-daten.de/?q=lapizcorto.es - 2019-03-12 04:02:55