Check DNS, Urls + Redirects, Certificates and Content of your Website

hide

skip EDNS-Check

skip Content-Check

check links

Connect failure - perhaps firewall

Checked:
14.05.2022 17:29:06

Older results

No older results found

1. IP-Addresses

Host	Type	IP-Address	is auth.	∑ Queries	∑ Timeout
requester.plexseer.net	CNAME	plexseer.duckdns.org	yes	1	0
	A	23.84.119.53 Belleville/Illinois/United States (US) - Charter Communications Hostname: 023-084-119-053.res.spectrum.com	yes
www.requester.plexseer.net		Name Error	yes	1	0
*.plexseer.net	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes
*.requester.plexseer.net	A	Name Error	yes
	AAAA	Name Error	yes
	CNAME	Name Error	yes

2. DNSSEC

Zone (*)	DNSSEC - Informations

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 47671, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2022, 00:00:00 +, Signature-Inception: 11.05.2022, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: net
net	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2022, 05:00:00 +, Signature-Inception: 14.05.2022, 04:00:00 +, KeyTag 47671, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 47671 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 35886, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 45728, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 19.05.2022, 16:28:30 +, Signature-Inception: 04.05.2022, 16:23:30 +, KeyTag 35886, Signer-Name: net


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35886 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest "eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: plexseer.net
plexseer.net	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 56035, DigestType 2 and Digest Vxjb8fIlzZoaVpe4dau6ozk7RnPACTrQ9u6d3Z+rJwY=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner plexseer.net., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 21.05.2022, 14:01:53 +, Signature-Inception: 14.05.2022, 12:51:53 +, KeyTag 45728, Signer-Name: net


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 45728 used to validate the DS RRSet in the parent zone


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 15670, Flags 256


	Public Key with Algorithm 8, KeyTag 56035, Flags 257 (SEP = Secure Entry Point)


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner plexseer.net., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 04.06.2022, 14:01:50 +, Signature-Inception: 13.05.2022, 14:01:50 +, KeyTag 56035, Signer-Name: plexseer.net


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 56035 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 56035, DigestType 2 and Digest "Vxjb8fIlzZoaVpe4dau6ozk7RnPACTrQ9u6d3Z+rJwY=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: requester.plexseer.net
requester.plexseer.net	0 DS RR in the parent zone found


	RRSIG Type 5 validates the CNAME - Result: plexseer.duckdns.org Validated: RRSIG-Owner requester.plexseer.net., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 04.06.2022, 14:01:50 +, Signature-Inception: 13.05.2022, 14:01:50 +, KeyTag 15670, Signer-Name: plexseer.net

Zone: www.requester.plexseer.net
www.requester.plexseer.net	0 DS RR in the parent zone found


	DS-Query in the parent zone sends valid NSEC3 RR with the Hash "rh8vq5t769ihapqdnh3ru3l11laumpne" as Owner. That's the Hash of "requester.plexseer.net" with the NextHashedOwnerName "1abflf2tua4s9tcle6oapluh68jpkolt". So that domain name is the Closest Encloser of "www.requester.plexseer.net". Opt-Out: False. Bitmap: CNAME, RRSIG Validated: RRSIG-Owner rh8vq5t769ihapqdnh3ru3l11laumpne.plexseer.net., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 04.06.2022, 14:01:50 +, Signature-Inception: 13.05.2022, 14:01:50 +, KeyTag 15670, Signer-Name: plexseer.net


	Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner 1abflf2tua4s9tcle6oapluh68jpkolt.plexseer.net., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 04.06.2022, 14:01:50 +, Signature-Inception: 13.05.2022, 14:01:50 +, KeyTag 15670, Signer-Name: plexseer.net


	The ClosestEncloser says, that "*.requester.plexseer.net" with the Hash "3fdph17agmopkkg97ijedk9ltk0f9qef" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "1abflf2tua4s9tcle6oapluh68jpkolt" and the Next Owner "5t0t95j2emivtap2k7matdqh49damf08", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False. Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner 1abflf2tua4s9tcle6oapluh68jpkolt.plexseer.net., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 04.06.2022, 14:01:50 +, Signature-Inception: 13.05.2022, 14:01:50 +, KeyTag 15670, Signer-Name: plexseer.net

Zone: (root)
(root)	1 DS RR published


	DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=


	• Status: Valid because published


	2 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 47671, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.06.2022, 00:00:00 +, Signature-Inception: 11.05.2022, 00:00:00 +, KeyTag 20326, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: org
org	1 DS RR in the parent zone found


	DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=


	1 RRSIG RR to validate DS RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.05.2022, 05:00:00 +, Signature-Inception: 14.05.2022, 04:00:00 +, KeyTag 47671, Signer-Name: (root)


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 47671 used to validate the DS RRSet in the parent zone


	3 DNSKEY RR found


	Public Key with Algorithm 8, KeyTag 15843, Flags 256


	Public Key with Algorithm 8, KeyTag 26974, Flags 257 (SEP = Secure Entry Point)


	Public Key with Algorithm 8, KeyTag 41346, Flags 256


	1 RRSIG RR to validate DNSKEY RR found


	RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 900 sec, Signature-expiration: 30.05.2022, 15:28:29 +, Signature-Inception: 09.05.2022, 14:28:29 +, KeyTag 26974, Signer-Name: org


	• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26974 used to validate the DNSKEY RRSet


	• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest "T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: duckdns.org
duckdns.org	0 DS RR in the parent zone found


	DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "3gitsp85pi8earriv69nd1drdiv6j8m1" between the hashed NSEC3-owner "3girek7tpo8h3m0je8sh7bmjl4tjtv65" and the hashed NextOwner "3giuuaks70tm1fiabnkqdb77rdg4p5o4". So the parent zone confirmes the not-existence of a DS RR. Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 3girek7tpo8h3m0je8sh7bmjl4tjtv65.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 30.05.2022, 15:28:29 +, Signature-Inception: 09.05.2022, 14:28:29 +, KeyTag 15843, Signer-Name: org


	DS-Query in the parent zone sends valid NSEC3 RR with the Hash "1i870vj5h429vj9pci7ar6e9gki74tr7" as Owner. That's the Hash of "org" with the NextHashedOwnerName "1i87r64gaju4o91mhkbu7i9ekbs7k8ut". So that domain name is the Closest Encloser of "duckdns.org". Opt-Out: True. Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 1i870vj5h429vj9pci7ar6e9gki74tr7.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 04.06.2022, 15:29:18 +, Signature-Inception: 14.05.2022, 14:29:18 +, KeyTag 15843, Signer-Name: org


	0 DNSKEY RR found




Zone: plexseer.duckdns.org
plexseer.duckdns.org	0 DS RR in the parent zone found


	0 DNSKEY RR found

3. Name Servers

Domain	Nameserver	NS-IP
www.requester.plexseer.net	• ns-cloud-e1.googledomains.com
plexseer.net	• ns-cloud-e1.googledomains.com	2001:4860:4802:32::6e Mountain View/California/United States (US) - Google LLC	•
	• ns-cloud-e2.googledomains.com	2001:4860:4802:34::6e Mountain View/California/United States (US) - Google LLC	•
	• ns-cloud-e3.googledomains.com	2001:4860:4802:36::6e Mountain View/California/United States (US) - Google LLC	•
	• ns-cloud-e4.googledomains.com	2001:4860:4802:38::6e Mountain View/California/United States (US) - Google LLC	•
net	• a.gtld-servers.net / nnn1-fra6		•
	• b.gtld-servers.net / nnn1-eltxl2		•
	• c.gtld-servers.net / nnn1-fra6		•
	• d.gtld-servers.net / nnn1-fra6		•
	• e.gtld-servers.net / nnn1-fra6		•
	• f.gtld-servers.net / nnn1-fra5		•
	• g.gtld-servers.net / nnn1-fra5		•
	• h.gtld-servers.net / nnn1-fra5		•
	• i.gtld-servers.net / nnn1-fra5		•
	• j.gtld-servers.net / nnn1-nlams-1c		•
	• k.gtld-servers.net / nnn1-nlams-1c		•
	• l.gtld-servers.net / nnn1-nlams-1d		•
	• m.gtld-servers.net / nnn1-nlams-1c		•

plexseer.duckdns.org	• ns1.duckdns.org	99.79.143.35 Toronto/Ontario/Canada (CA) - Amazon.com, Inc.
	• ns2.duckdns.org	35.182.183.211 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
	• ns3.duckdns.org	35.183.157.249 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
	• ns4.duckdns.org	3.97.51.116 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
	• ns5.duckdns.org	99.79.16.64 Toronto/Ontario/Canada (CA) - Amazon.com, Inc.
	• ns6.duckdns.org	3.97.58.28 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
duckdns.org	• ns1.duckdns.org	99.79.143.35 Toronto/Ontario/Canada (CA) - Amazon.com, Inc.
	• ns2.duckdns.org	35.182.183.211 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
	• ns3.duckdns.org	35.183.157.249 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
	• ns4.duckdns.org	3.97.51.116 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
	• ns5.duckdns.org	99.79.16.64 Toronto/Ontario/Canada (CA) - Amazon.com, Inc.
	• ns6.duckdns.org	3.97.58.28 Toronto/Ontario/Canada (CA) - Amazon Technologies Inc.
org	• a0.org.afilias-nst.info / ns000b.app6.ams2.afilias-nst.info		•
	• a2.org.afilias-nst.info / LHR6		•
	• b0.org.afilias-nst.org / app24.lax1.hosts.meta.redstone.afilias-nst.info-1633102198		•
	• b2.org.afilias-nst.org / LHR7		•
	• c0.org.afilias-nst.info / app32.nrt1.hosts.meta.redstone.afilias-nst.info-1615580861		•
	• d0.org.afilias-nst.org / app29.nrt1.hosts.meta.redstone.afilias-nst.info-1615580861		•

4. SOA-Entries

Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1652542116
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	3

Domain:	net
Zone-Name:	net
Primary:	a.gtld-servers.net
Mail:	nstld.verisign-grs.com
Serial:	1652542131
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	10

Domain:	plexseer.net
Zone-Name:	plexseer.net
Primary:	ns-cloud-e1.googledomains.com
Mail:	cloud-dns-hostmaster.google.com
Serial:	4
Refresh:	21600
Retry:	3600
Expire:	259200
TTL:	300
num Entries:	4

Domain:	www.requester.plexseer.net
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:	1


Domain:	org
Zone-Name:	org
Primary:	a0.org.afilias-nst.info
Mail:	noc.afilias-nst.info
Serial:	2014841901
Refresh:	1800
Retry:	900
Expire:	604800
TTL:	86400
num Entries:	6

Domain:	duckdns.org
Zone-Name:	duckdns.org
Primary:	ns1.duckdns.org
Mail:	hostmaster.duckdns.org
Serial:	2021081401
Refresh:	6000
Retry:	120
Expire:	2419200
TTL:	600
num Entries:	6

Domain:	plexseer.duckdns.org
Zone-Name:	duckdns.org
Primary:	ns1.duckdns.org
Mail:	hostmaster.duckdns.org
Serial:	2021081401
Refresh:	6000
Retry:	120
Expire:	2419200
TTL:	600
num Entries:	6

5. Screenshots

No Screenshot listed, because no url-check with https + http status 200-299, 400-599 + not-ACME-check found.

6. Url-Checks

show header:

Domainname	Http-Status	redirect	Sec.	G
• http://requester.plexseer.net/ 23.84.119.53	302	http://requester.plexseer.net/Main Html is minified: 111.29 %	0.297	D
Server: nginx
Date: Sat, 14 May 2022 15:43:16 GMT
Content-Type: text/html
Content-Length: 138
Connection: close
Location: http://requester.plexseer.net/Main

• http://requester.plexseer.net/Main	200	Html is minified: 244.04 %	0.840
Server: nginx
Date: Sat, 14 May 2022 15:43:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.15
Set-Cookie: unraid_d3b9faf1dcc42a5130841edd56cb978c=076d29ceff4c15e2f8f21861ddffafcf; path=/; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

• https://requester.plexseer.net/ 23.84.119.53	-2		1.420	V
ConnectFailure - Unable to connect to the remote server

• http://requester.plexseer.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 23.84.119.53 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0	404	Html is minified: 110.61 %	0.287	A
Not Found
Visible Content: 404 Not Found nginx
Server: nginx
Date: Sat, 14 May 2022 15:43:18 GMT
Content-Type: text/html
Content-Length: 146
Connection: close

• https://23.84.119.53/ 23.84.119.53	-2		1.423	V
ConnectFailure - Unable to connect to the remote server

7. Comments

	1. General Results, most used to calculate the result
A	name "requester.plexseer.net" is subdomain, public suffix is ".net", top-level-domain is ".net", top-level-domain-type is "generic", tld-manager is "VeriSign Global Registry Services", num .net-domains preloaded: 7088 (complete: 175327)
A	good: All ip addresses are public addresses
	Warning: Only one ip address found: requester.plexseer.net has only one ip address.
	Warning: No ipv6 address found. Ipv6 is the future with a lot of new features. So every domain name should have an ipv6 address. See https://en.wikipedia.org/wiki/IPv6: requester.plexseer.net has no ipv6 address.
A	good: No asked Authoritative Name Server had a timeout
A	DNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
A	good - only one version with Http-Status 200
	HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
A	Good: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):1 complete Content-Type - header (2 urls)
	http://requester.plexseer.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 23.84.119.53			Url with incomplete Content-Type - header - missing charset
	http://requester.plexseer.net/Main	200	unraid_d3b9faf1dcc42a5130841edd56cb978c=076d29ceff4c15e2f8f21861ddffafcf; path=/; HttpOnly; SameSite=Lax	Fatal: Cookie sent via http. Never send Cookies / Session-Cookies via http. If a user uses an insecure WLan and if the same cookie is used to managed the authenticated session, it's possible to hack that user. Same with HttpOnly - without https that's only decorative.
D	http://requester.plexseer.net/ 23.84.119.53	302	http://requester.plexseer.net/Main	Wrong redirect one domain http to other domain http. First redirect to https without changing the domain, so no new dns query is required. So the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
H	fatal error: No https - result with http-status 200, no encryption
H	Fatal error: http result with http-status 200, no encryption. Add a redirect http ⇒ https, so every connection is secure. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop.
V	https://requester.plexseer.net/ 23.84.119.53	-2		connect failure - perhaps firewall
V	https://23.84.119.53/ 23.84.119.53	-2		connect failure - perhaps firewall
X	Fatal error: Nameserver doesn't support TCP connection: ns1.duckdns.org / 99.79.143.35: Timeout
X	Fatal error: Nameserver doesn't support TCP connection: ns2.duckdns.org / 35.182.183.211: Timeout
X	Fatal error: Nameserver doesn't support TCP connection: ns3.duckdns.org / 35.183.157.249: Timeout
X	Fatal error: Nameserver doesn't support TCP connection: ns4.duckdns.org / 3.97.51.116: Timeout
X	Fatal error: Nameserver doesn't support TCP connection: ns5.duckdns.org / 99.79.16.64: Timeout
X	Fatal error: Nameserver doesn't support TCP connection: ns6.duckdns.org / 3.97.58.28: Timeout
	Info: Checking the ip addresses of that domain name not exact one certificate found. So it's impossible to check if that domain requires Server Name Indication (SNI).: Domain requester.plexseer.net, 1 ip addresses.
	2. DNS- and NameServer - Checks
A	Info:: 13 Root-climbing DNS Queries required to find all IPv4- and IPv6-Addresses of 4 Name Servers.
A	Info:: 13 Queries complete, 13 with IPv6, 0 with IPv4.
A	Good: All DNS Queries done via IPv6.
	Ok (4 - 8):: An average of 3.3 queries per domain name server required to find all ip addresses of all name servers.
A	Info:: 4 different Name Servers found: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 4 Name Servers included in Delegation: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 4 Name Servers included in 1 Zone definitions: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com, 1 Name Servers listed in SOA.Primary: ns-cloud-e1.googledomains.com.
A	Good: Only one SOA.Primary Name Server found.: ns-cloud-e1.googledomains.com.
A	Good: SOA.Primary Name Server included in the delegation set.: ns-cloud-e1.googledomains.com.
A	Good: All Name Server Domain Names have a Public Suffix.
A	Good: All Name Server Domain Names ending with a Public Suffix have minimal one IPv4- or IPv6 address.
A	Good: All Name Server ip addresses are public.
A
A	Info: IPv6-Subnet-list: 4 Name Servers with IPv6, 1 different subnets (first block): 2001:, 1 different subnets (first two blocks): 2001:4860:, 1 different subnets (first three blocks): 2001:4860:4802:, 4 different subnets (first four blocks): 2001:4860:4802:0032:, 2001:4860:4802:0034:, 2001:4860:4802:0036:, 2001:4860:4802:0038:
A	Good: Name Server IPv6 addresses from different subnets found.
A	Good: Nameserver supports TCP connections: 4 good Nameserver
A	Good: Nameserver supports Echo Capitalization: 4 good Nameserver
A	Good: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 4 good Nameserver
A	Good: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 4 good Nameserver
	Nameserver doesn't pass all EDNS-Checks: ns1.duckdns.org / 99.79.143.35: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns1.duckdns.org / 99.79.143.35: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns2.duckdns.org / 35.182.183.211: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns2.duckdns.org / 35.182.183.211: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns3.duckdns.org / 35.183.157.249: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns3.duckdns.org / 35.183.157.249: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns4.duckdns.org / 3.97.51.116: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns4.duckdns.org / 3.97.51.116: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns5.duckdns.org / 99.79.16.64: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns5.duckdns.org / 99.79.16.64: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns6.duckdns.org / 3.97.58.28: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns6.duckdns.org / 3.97.58.28: OP100: ok. FLAGS: ok. V1: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. V1OP100: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found, no OPT100 expected, no OPT100 found. V1FLAGS: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. DNSSEC: ok. V1DNSSEC: SOA NOT expected, but found, BADVER expected, NOERR found, Version 0 expectend and found. NSID: ok. COOKIE: ok. CLIENTSUBNET: ok.
	Nameserver doesn't pass all EDNS-Checks: ns-cloud-e1.googledomains.com: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
A	Good: All SOA have the same Serial Number
	Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.
	3. Content- and Performance-critical Checks
A	Good: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
A	Info: No img element found, no alt attribute checked
A	Good: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
A	Duration: 871926 milliseconds, 871.926 seconds

8. Connections

No connection informations found. Perhaps only http - connections.

9. Certificates

No certificate informations found. Perhaps only http - connections.

10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

No CertSpotter - CT-Log entries found

2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

No CRT - CT-Log entries found

11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404

12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers: ns-cloud-e1.googledomains.com, ns-cloud-e2.googledomains.com, ns-cloud-e3.googledomains.com, ns-cloud-e4.googledomains.com

QNr.	Domain	Type	NS used
1	com	NS	h.root-servers.net (2001:500:1::53)
	Answer: a.gtld-servers.net, b.gtld-servers.net, c.gtld-servers.net, d.gtld-servers.net, e.gtld-servers.net, f.gtld-servers.net, g.gtld-servers.net, h.gtld-servers.net, i.gtld-servers.net, j.gtld-servers.net, k.gtld-servers.net, l.gtld-servers.net, m.gtld-servers.net
2	ns-cloud-e1.googledomains.com	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
3	ns-cloud-e2.googledomains.com	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
4	ns-cloud-e3.googledomains.com	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
5	ns-cloud-e4.googledomains.com	NS	a.gtld-servers.net (2001:503:a83e::2:30)
	Answer: ns5.googledomains.com, ns6.googledomains.com, ns7.googledomains.com, ns8.googledomains.com
	Answer: ns5.googledomains.com 2001:4860:4802:32::a, 216.239.32.10
	Answer: ns6.googledomains.com 2001:4860:4802:34::a, 216.239.34.10
	Answer: ns7.googledomains.com 2001:4860:4802:36::a, 216.239.36.10
	Answer: ns8.googledomains.com 2001:4860:4802:38::a, 216.239.38.10
6	ns-cloud-e1.googledomains.com: 216.239.32.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
7	ns-cloud-e1.googledomains.com: 2001:4860:4802:32::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)
8	ns-cloud-e2.googledomains.com: 216.239.34.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
9	ns-cloud-e2.googledomains.com: 2001:4860:4802:34::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)
10	ns-cloud-e3.googledomains.com: 216.239.36.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
11	ns-cloud-e3.googledomains.com: 2001:4860:4802:36::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)
12	ns-cloud-e4.googledomains.com: 216.239.38.110	A	ns5.googledomains.com (2001:4860:4802:32::a)
13	ns-cloud-e4.googledomains.com: 2001:4860:4802:38::6e	AAAA	ns5.googledomains.com (2001:4860:4802:32::a)

13. CAA - Entries

Domainname	flag	Value	∑ Queries
requester.plexseer.net			1
plexseer.duckdns.org			1
plexseer.net	0	no CAA entry found	1
duckdns.org	0	no CAA entry found	1
net	0	no CAA entry found	1
org	0	no CAA entry found	1

14. TXT - Entries

Domainname	Status	∑ Queries
plexseer.net	ok	1
requester.plexseer.net		1
_acme-challenge.plexseer.duckdns.org	missing entry or wrong length	1
_acme-challenge.requester.plexseer.net	Name Error - The domain name does not exist	1
_acme-challenge.requester.plexseer.net.plexseer.net	Name Error - The domain name does not exist	1
_acme-challenge.plexseer.duckdns.org.plexseer.duckdns.org	perhaps wrong	1
_acme-challenge.requester.plexseer.net.requester.plexseer.net	Name Error - The domain name does not exist	1

15. Portchecks

No Port checks

Permalink: https://check-your-website.server-daten.de/?i=fdb2e3b6-948c-460c-aa8e-727a3c81e55d

Last Result: https://check-your-website.server-daten.de/?q=requester.plexseer.net - 2022-05-14 17:29:06

Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=requester.plexseer.net" target="_blank">Check this Site: requester.plexseer.net</a>