ARMY.MIL DNS Report

Health Score: 77%

Need help fixing DNS ? Get an expert advise at support forum

Checked: 1 week before

Parent

NS records at parent servers

NS03.ARMY.MIL [ 130.114.200.6 ]
NS01.ARMY.MIL [ 140.153.43.44 ]
NS02.ARMY.MIL [ 192.82.113.7 ]
[These were obtained from pac2.nipr.MIL.]

Glue at parent nameservers 7/7

SUCCESS Parent nameservers know A records for your domain, Very good !

NS

Mismatched glue 0/7

The glue provided by the root servers does not match glue that provided by your authoritative DNS servers.
(NS01.ARMY.MIL.		21600	IN	A	140.153.43.44) present at Parent, missing at (130.114.200.6, 140.153.43.44, 192.82.113.7)
(NS02.ARMY.MIL.		21600	IN	A	192.82.113.7) present at Parent, missing at (130.114.200.6, 140.153.43.44, 192.82.113.7)
(NS03.ARMY.MIL.		21600	IN	A	130.114.200.6) present at Parent, missing at (130.114.200.6, 140.153.43.44, 192.82.113.7)

Nameservers A records 0/7

Some servers does not provide A records for nameservers.
missing A record(s) for (ns03.ARMY.MIL,ns01.ARMY.MIL,ns02.ARMY.MIL) at nameserver 130.114.200.6
missing A record(s) for (ns02.ARMY.MIL,ns03.ARMY.MIL,ns01.ARMY.MIL) at nameserver 140.153.43.44
missing A record(s) for (ns02.ARMY.MIL,ns03.ARMY.MIL,ns01.ARMY.MIL) at nameserver 192.82.113.7

Nameservers report identical NS records 7/7

SUCCESS The NS records at all your nameservers are identical.

Nameservers respond 10/10

SUCCESS All of your nameservers listed at the parent nameservers responded.

Nameserver name validity 7/7

SUCCESS All of the NS records that your nameservers report are valid (no IPs or partial domain names).

Number of nameservers 5/5

SUCCESS You have 3 nameservers. You must have at least 2 nameservers (RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7.

Lame nameservers 7/7

SUCCESS All the nameservers listed at the parent servers answer authoritatively for your domain.

Missing (stealth) nameservers 7/7

SUCCESS All your nameservers are also listed at the parent servers.

Root missing nameservers 7/7

SUCCESS All of the nameservers listed at the parent nameservers are also listed as NS records at your nameservers.

Nameservers on separate class C's 7/7

SUCCESS Nameservers are in a different networks.

public IPs 7/7

SUCCESS All of your NS records appear to use public IPs.

SOA

SOA record

SOA record is:
Hostmaster email
usarmy.huachuca.netcom.mesg.epdns-global.mail.MIL
Serial
2006026044
Refresh
900
Retry
90
Expire
2419200
TTL
1274

Serial agreement 0/7

DANGER Some nameservers have a different soa serial number That can occur because of recent master update (slave have not loaded master zone yet) or the is a problem in DNS.
There is serial 2006026044 at nameserver(s) (130.114.200.6 140.153.43.44)
There is serial 2006026043 at nameserver(s) (192.82.113.7)

SOA MNAME 3/3

SUCCESS SOA (Start of Authority) record states that your master (primary) name server is: ns01.ARMY.MIL That server is listed at the parent servers, which is correct.

Serial value 1/1

SUCCESS SOA serial number is: 2006026044 This appears to be in the recommended format of YYYYMMDDnn, where 'nn' is the revision. This number must be incremented every time you make a DNS change.

Refresh value 0/1

WARNING SOA Retry interval is : 900 seconds. This seems too small. (Values about 3600-7200 seconds is good if not using DNS NOTIFY; RFC1912 2.2 recommends a value between 1200 to 43200 seconds (20 minutes to 12 hours)). This value determines how often secondary/slave nameservers check with the master for updates.

Retry value 0/1

WARNING SOA Retry interval is : 90 seconds. This seems too small. (Values about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave nameservers will wait to contact the master nameserver again if the last attempt failed.

Expire value 1/1

SUCCESS SOA Expire time is : 2419200 seconds. This seems OK. (Values 604800 to 2419200 seconds (1-4 weeks) is good). RFC1912 suggests 2-4 weeks. This is how long a secondary/slave nameserver will wait before considering its DNS data stale if it can't reach the primary nameserver.

TTL value 1/1

SUCCESS SOA Expire time is : 1274 seconds. This seems OK. (about 300 to 86400 seconds or 5 min - 24 hours is good). RFC2308 suggests a value of 1-3 hours. This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS entries, but now is used for negative caching.

Info

DNS trace

Trace to ARMY.MIL
lookup ARMY.MIL at A.ROOT-SERVERS.NET(198.41.0.4) 10 ms
A.ROOT-SERVERS.NET(198.41.0.4) refer to con1.nipr.MIL(199.252.157.234)
lookup ARMY.MIL at con1.nipr.MIL(199.252.157.234) 129 ms
con1.nipr.MIL(199.252.157.234) refer to NS03.ARMY.MIL(130.114.200.6)
lookup ARMY.MIL at NS03.ARMY.MIL(130.114.200.6) 139 ms
RECORD does not exist
Total time: 278 ms