ARCHIVED

Domain quality

To maintain a good and functional .be zone it is essential to start with good quality data. DNS Belgium has no control over the name server records entered by the registrars. To chart the information and give feedback to the registrars the domain quality project was brought to life.

Check on NS tree and name servers

To begin with, the whole name server tree is broken down from the top (root servers) down to the level of the domain name. We check to see whether the correct redirection has happened, or whether the right glue is in place, or whether any additional servers have been added in and whether the tree itself is complete and consistent. The response times are also shown. We then examine the availability of the name servers over the various channels (UDP and TCP). An indicative investigation is also carried out into the software used. Next, we check to see whether the name server results match up and meet the general guidelines through a check on the SOA records.

At the moment, IPv4 and IPv6 settings are investigated. We also check DS records, if present. We continually try to improve DNS quality and implement new checks.

All the information is grouped per name server or per domain and you can get a picture of your overall score and compare it to the overall score of the entire .be zone.

We hope that giving this information out to our registrars will show them it is important to continuously investigate the quality and status of their name servers and the name servers of their customers to make the .be into a fast, efficient and high quality top level domain.

Error messages

On demand, DNS Belgium can provide you with an overview of the DNS Quality of your portfolio. In this overview, a short error message is shown. In the table below, you can find more information about these error messages. This information is also visible when you look up the domain name via ‘My registrations’ or when you do a real-time check of the domain name.

orphan:

ARCHIVED

Domain quality error messages

messageType	Message	Meaning	Type
MissingNameserver	Nameserver <ns> is missing	Query did not return an expected nameserver	Error
NoAuthority	Nameserver claims no authority	Nameserver claims no authority	Error
QueryFailed (1)	Nameserver <ns> was unable to interpret the query.	Nameserver <ns> was unable to interpret the query.	Error
QueryFailed (2)	Nameserver <ns> reports a server failure.	Nameserver <ns> reports a server failure.	Error
QueryFailed (3)	Nameserver <ns> reports that domain name doesn’t exist.	Nameserver <ns> reports that domain name doesn’t exist.	Error
QueryFailed (4)	Nameserver <ns> does not support the requested query.	Nameserver <ns> does not support the requested query.	Error
QueryFailed (5)	Nameserver <ns> refused the query for policy reasons.	Nameserver <ns> refused the query for policy reasons.	Error
QueryFailed (6)	Nameserver <ns> replied with returnCode = <code>	Nameserver <ns> replied with returnCode = <code>	Error
UnexpectedError	Unexpected error when querying <ns>	Probably connect timeout to nameserver	Error
UnknownNameserver	Could not resolve nameserver <ns>	Nameserver does not resolve	Error
IpMismatch (1)	IP address does not match for <ns>.	Nameserver returned different A record than was expected.	Error
IpMismatch (2)	IP address <ip> does not match for <ns>.	Nameserver returned different A record than was expected.	Error
PublicCachingNameserver	<ns> seems to be a public caching nameserver.	Caching nameserver.	Error
TimeOut	Querying server <ns> has timed out.	Query timed out.	Error
NoNameservers	This domain has no nameservers attached to it. It will not be usable on the internet.	No nameservers attached to domain name, unusable on the internet.	Error
NameserverUnreachable	Nameserver <ns> unreachable.	Nameserver resolves, but nothing answers on port 53.	Error
DSForNonExistentDNSKEYError	No corresponding DNSKEY records found for DS with keytag: <keytag>.	DS in .be zone but no corresponding DNSKEY on registrars nameserver, no other DNSKEYs available.	Error
InvalidSignature (1)	DNSKEY with keytag: <keytag>, RRSIG expired on: <date>.	RRSIG returned for a DNSKEY is invalid.	Error
InvalidSignature (2)	DNSKEY with keytag: <keytag>, The inception date of the RRSIG lies in the future: <date>.	RRSIG returned for a DNSKEY is invalid.	Error
InvalidSignature (3)	DNSKEY with keytag: <keytag>, Signature invalid.	RRSIG returned for a DNSKEY is invalid.	Error
InvalidSignature (4)	DNSKEY with keytag: <keytag>, Failed to verify signature.	RRSIG returned for a DNSKEY is invalid.	Error
DNSKEYWithoutSignatureError	DNSKEY with keytag: <keytag>, No RRSIG found.	No RRSIG record was returned for a DNSKEY.	Error
PrivateIPAddress	Nameserver <ns> is a private ip address.	Nameserver has private range ip address (should not happen).	Error
MissingIp	IP address <ip> is missing for <ns>.	the nameserver did not return an expected A record.	Warning
TooSlow	Server is too slow: response time of <millis> ms.	Nameserver response took over 2 seconds.	Warning
DSForNonExistentDNSKEYWarning	No corresponding DNSKEY records found for DS with keytag: <keytag>.	DS in .be zone but no corresponding DNSKEY on registrars nameserver, but there is another DS that has a validated DNSKEY on the registrars nameservers.	Warning
NoDSInParentZone	No corresponding DS records found for DNSKEY with keytag: <keytag>.	DNSKEY returned from registrars nameserver, while no DS in .be zone (should not happen anymore).	Warning
StealthNameserver (1)	Stealth nameserver: <ns>.	Nameserver is a stealth nameserver.	Notice
StealthNameserver (2)	Stealth nameserver: <ns> on <ip>.	Nameserver is a stealth nameserver.	Notice
Slow	Server is rather slow: response time of <millis> ms.	Nameserver response took between 1 and 2 seconds.	Notice
DNSKEYWithoutSignatureNotice	DNSKEY with keytag: <keytag>, No RRSIG found.	DNSKEY without RRSIG, but another DNSKEY has RRSIG.	Notice