FAQ

General

What is DNSHEALTH?

It is an online tool designed to help webmasters verify the health of a DNS zone on a set of DNS servers for a particular domain name.


How can I use it?

You can use the tool free of charge on our front page here. You can choose to either only enter a domain by checking the "Delegated domain" checkbox, in which case the tool checks the current nameservers of the domain, or also manually enter the nameservers you wish to check towards.


How can I contact you?

You can contact us by sending an email to info@dnshealth.eu


Economy

Does using the tool cost something?

The tool costs nothing to use.


How do you monetize this?

The project is sponsored and powered by NordName, which uses the tool in its domain registrar operations.


Who created the tool?

The tool was created by a group university of students at KTH during a project course.


How secure is this?

The tool requires no registration to use and it is completely stateless. It is as secure as it can be.


Administrative

Do I need to register?

No. The tool is open for the public to use and requires no registration.


I want to use the tool API in my project, is that possible?

Yes. Please send us an email to info@dnshealth.eu and we will give you access. (fair usage applies)


I would like to get new features. Is that possible?

You can create an issue in our Github and we will consider your request.

Technical questions

The Valid hostnames check failed. What can I do?

The domain you entered and its nameservers can only contain letters a-z, the digits 0 to 9 and hyphens. A hostname can not start with a hyphen. A hostname can be at most 253 characters long.


The Prohibited Networks check failed. What is the problem?

One of the nameservers has its IP defined within a prohibited IP range.


The Checking nameserver reachability check failed. What can I do?

Make sure that the nameservers are reachable over both TCP and UDP at port 53.


The Checking for authoritative answers check failed. What can I do?

It means that the nameserver has not been set up to answer queries about the domain name. Make sure a DNS zone exists for the domain.


The Same source address as destination address check failed. What can I do?

This implies that the nameserver responded from a different IP than the one the request was sent to. Make sure that the DNS server is binded to the correct network interface/IP.


The Check glue consistency check failed. What can I do?

Ensure that the glue records set for the nameservers match the A/AAAA records set at the nameservers. They must be identical.


The Consistency between delegation and zone check failed. What can I do?

Verify that the nameservers checked towards match the set of NS records found at those nameservers.


The Consistency between authoritative nameservers check failed. What can I do?

Make sure that the set of nameservers all have an identical set of NS records.


The Unique nameservers check failed. What can I do?

Check that there are at least 2 unique nameservers which all have an unique IP address.


Network diversity failed. What can be done to correct this?

Ensure that the nameservers are located within at least two AS blocks. If the nameservers have all IP addresses very close to each other, it implies they do not have optimal redundancy.


What are glue records?

In Domain Name System the nameservers are defined by name, not by IP address. This means that an additional DNS inquiry is required to find the IP address of a nameserver. If the authoritative nameserver of a domain is under the domain itself, there will be a circular dependency. Glue records are used to solve this problem by defining the IP address of the nameserver at the TLD DNS zone. You will be able to set up the glue records at your domain name registrar.