It has been 37 years since RFC 1034 and RFC 1035 laid down the concept, format, and protocols of the Domain Name System (DNS). Since then, we have added components, new standards, and considerable advances in capabilities. We use DNS for load balancing, geographic affinity to specific data centers, integrity controls using the Domain Name System Security Extensions (DNSSEC), and even to validate email servers using SPF. And then, to top it all off, many organizations own thousands of domains between marketing campaigns, mergers and acquisitions, country-specific entities, mistyping redirects, and anti-phishing and anti-typosquatting measures. In short, DNS started as a simple service and has gotten increasingly complex over time.
Introducing UltraDNS Health Check.
This complexity is why Vercara created a professional services engagement for our customers built around assessing their DNS zones to identify misconfigurations, traffic management nuances, and security vulnerabilities. NSS does this with a combination of automation and staff to give customers an extensive and exhaustive view of their zones. I have sat in on the briefs of these service engagements and was amazed at the level of detail that we provide.
And then we had an idea: why not extend the automation that our services folks are using and make it available to customers in a periodic assessment that they can either get from the UltraDNS portal or emailed on a recurring basis? We all agreed that this was a great idea and created the UltraDNS Health feature for UltraDNS. We looked at the data points that the services folks checked and included them in the Health Check report. We released UltraDNS Health Check to all our UltraDNS customers in 2022.
We then extended the idea: why not make a public resource like the Qualys SSL Labs for the public to get an assessment of their own domains based on queries of their authoritative DNS servers. Granted, it is a subset of the data points that we check for customers in UltraDNS Health Check because we do not have full access to all the records of the zone. However, we provide this as a free service to anybody who wants it. You can go test your domains today at UltraDNS Health Check.
What UltraDNS Health Check tests.
We test for a variety of data points on the public UltraDNS Health Check today, such as:
Nameserver Validations:
- The delegations (glue records) from the parent zone match the NS records in the zone
- The nameservers for the zone are available
- The nameservers for the zone respond to queries for the domain
- The nameservers for the zone do not announce open recursion
Start of Authority (SOA) Validations:
- The zone has a SOA record
- The zone has a SOA REFRESH and it is valid
- The zone has a SOA RETRY and it is valid
- The zone has a SOA EXPIRE and it is valid
- The zone has a SOA MINIMUM and it is valid
Mail Exchange (MX) Records:
- The zone has Mail Exchange records
Domain Name System Security Extensions (DNSSEC):
- The zone is signed
- The DNSSEC signatures are valid
- The Delegation Signers at the parent zone are valid
- The zone is signed correctly
The Zone Itself:
- There is no CNAME at the apex (top) of the domain
Assess your DNS at no cost.
Make sure your DNS is working at its peak. The public UltraDNS Health Check is free and allows you to assess yourself. This tool is one of many free features for UltraDNS. Contact us to learn how UltraDNS can help your business thrive online with peace of mind.
