DNS sağlık skoru nasıl hesaplanıyor?

100 üzerinden başlayan puandan; kritik sorunlar (CNAME çakışması, NS eksikliği gibi) 15–25 puan, ciddi hatalar (tek NS, SPF eksikliği gibi) 8–20 puan, uyarılar 2–10 puan düşürülür. Sonuç 0–100 arasında sınırlandırılır ve A (≥90), B (≥75), C (≥55), D (≥35) ya da F (<35) notu verilir.

NS sunucularım neden farklı sağlayıcılarda olmalı?

Tüm NS sunucularınız aynı şirketin altyapısındaysa o sağlayıcı kesinti yaşadığında alan adınız tamamen erişilemez hale gelir. Farklı sağlayıcılardaki NS sunucuları bu tek arıza noktasını ortadan kaldırır. RFC 2182, en az iki farklı NS kullanılmasını önerir.

SPF kaydı neden önemli?

SPF (Sender Policy Framework), hangi sunucuların sizin adınıza e-posta göndermeye yetkili olduğunu tanımlayan bir TXT kaydıdır. SPF olmadan saldırganlar alan adınızı taklit ederek sahte e-posta gönderebilir; meşru e-postalarınız ise spam klasörüne düşebilir.

SOA kayıt değerleri neden önemli?

SOA (Start of Authority) kaydındaki Refresh, Retry ve Expire değerleri sekonder (yedek) NS sunucularının birincil sunucuyla ne sıklıkta senkronize olacağını belirler. Çok düşük değerler gereksiz yük yaratır; çok yüksek değerler DNS değişikliklerinin geç yayılmasına neden olur.

DNSSEC nedir ve etkinleştirmeli miyim?

DNSSEC, DNS yanıtlarının dijital imzayla doğrulanmasını sağlayarak önbellek zehirlenmesi ve ortadaki adam saldırılarına karşı koruma ekler. DNS sağlayıcınız destekliyorsa etkinleştirmeniz önerilir; ancak yanlış yapılandırılmış DNSSEC alan adını tamamen erişilemez kılabilir; dikkatli uygulayın.

DNS Health Check | Hostragons®

Information

Regarding DNS Health Check

DNS (Domain Name System) is the invisible backbone of the internet infrastructure. Visitors' access to your website, the correct delivery of your emails, and the reliable resolution of your domain name all depend on the accuracy of your DNS records. An incorrectly configured or incomplete DNS record can render your site inaccessible, cause your emails to end up in the spam folder, or leave you vulnerable to DNS cache poisoning attacks.

This free DNS Health Check tool queries and analyzes all critical DNS record types for the domain you enter in real time: NS (variety and number of name servers), A / AAAA (IPv4 and IPv6 support) MX (email forwarding), SOA (regional parameters) TXT (Presence of SPF, DMARC and DKIM), CNAME conflicts and DNSSEC the situation. For each finding, a detailed warning and a suggestion for improvement are provided.

Ultimately, it's somewhere between 0 and 100. DNS health score and A–F note This is displayed. Critical errors, warnings, and informative notes are listed in separate categories, so you can immediately notice the most urgent problem. The tool uses PHP on the server side. dns_get_record() It retrieves genuine DNS data; it does not produce fake or cached results.

How to use it?

Step by step

The one you want to check domain name enter (for example) example.comYou don't need to enter the www prefix or URL.
Inspect Click the button; the server will query the NS, A, AAAA, MX, SOA, TXT, CNAME, and DNSSEC records.
DNS Health Score and examine the letter grades (A–F); sorted by color-coded importance levels. warnings Read it.
Record Table View the raw values of all records in this section.
Suggestions Improve your DNS configuration by following the steps on the card.

FAQ

Frequently Asked Questions

Starting from a score of 100; critical issues (such as CNAME conflict, missing NS) are deducted by 15–25 points, serious errors (such as single NS, missing SPF) by 8–20 points, and warnings by 2–10 points. The result is limited to 0–100 and graded as A (≥90), B (≥75), C (≥55), D (≥35) or F (<35) notu verilir.

If all your NS servers are on the same company's infrastructure, your domain will become completely inaccessible if that provider experiences an outage. Using NS servers on different providers eliminates this single point of failure. RFC 2182 recommends using at least two different NS servers.

SPF (Sender Policy Framework) is a TXT record that defines which servers are authorized to send emails on your behalf. Without SPF, attackers could impersonate your domain and send fake emails, while your legitimate emails could end up in the spam folder.

The Refresh, Retry, and Expire values in the SOA (Start of Authority) record determine how often secondary (backup) NS servers synchronize with the primary server. Very low values create unnecessary overhead; very high values cause DNS changes to propagate slowly.

DNSSEC provides protection against cache poisoning and man-in-the-middle attacks by verifying DNS responses with digital signatures. Enabling it is recommended if your DNS provider supports it; however, incorrectly configured DNSSEC can render the domain completely inaccessible; implement with caution.

DNS Health Check

Regarding DNS Health Check

Step by step

Frequently Asked Questions

How is the DNS health score calculated?

Why should my NS servers be with different providers?

Why is SPF registration important?

Why are SOA record values important?

What is DNSSEC and should I enable it?