Domain quality[Link]

To maintain a good and functional .be zone it is essential to start with good quality data. DNS Belgium has no control over the name server records entered by the registrars. To chart the information and give feedback to the registrars the domain quality project was brought to life.

Check on NS tree and name servers[Link]

To begin with, the whole name server tree is broken down from the top (root servers) down to the level of the domain name. We check to see whether the correct redirection has happened, or whether the right glue is in place, or whether any additional servers have been added in and whether the tree itself is complete and consistent. The response times are also shown. We then examine the availability of the name servers over the various channels (UDP and TCP). An indicative investigation is also carried out into the software used. Next, we check to see whether the name server results match up and meet the general guidelines through a check on the SOA records.

At the moment, IPv4 and IPv6 settings are investigated. We also check DS records, if present. We continually try to improve DNS quality and implement new checks.

All the information is grouped per name server or per domain and you can get a picture of your overall score and compare it to the overall score of the entire .be zone.

We hope that giving this information out to our registrars will show them it is important to continuously investigate the quality and status of their name servers and the name servers of their customers to make the .be into a fast, efficient and high quality top level domain.

Error messages[Link]

On demand, DNS Belgium can provide you with an overview of the DNS Quality of your portfolio. In this overview, a short error message is shown. In the table below, you can find more information about these error messages. This information is also visible when you look up the domain name via ‘My registrations’ or when you do a real-time check of the domain name.

Domain quality error messages[Link]

messageType

Message

Meaning

Type

MissingNameserver

Nameserver <ns> is missing

Query did not return an expected nameserver

Error

NoAuthority

Nameserver claims no authority

Nameserver claims no authority

Error

QueryFailed (1)

Nameserver <ns> was unable to interpret the query.

Nameserver <ns> was unable to interpret the query.

Error

QueryFailed (2)

Nameserver <ns> reports a server failure.

Nameserver <ns> reports a server failure.

Error

QueryFailed (3)

Nameserver <ns> reports that domain name doesn’t exist.

Nameserver <ns> reports that domain name doesn’t exist.

Error

QueryFailed (4)

Nameserver <ns> does not support the requested query.

Nameserver <ns> does not support the requested query.

Error

QueryFailed (5)

Nameserver <ns> refused the query for policy reasons.

Nameserver <ns> refused the query for policy reasons.

Error

QueryFailed (6)

Nameserver <ns> replied with returnCode = <code>

Nameserver <ns> replied with returnCode = <code>

Error

UnexpectedError

Unexpected error when querying <ns>

Probably connect timeout to nameserver

Error

UnknownNameserver

Could not resolve nameserver <ns>

Nameserver does not resolve

Error

IpMismatch (1)

IP address does not match for <ns>.

Nameserver returned different A record than was expected.

Error

IpMismatch (2)

IP address <ip> does not match for <ns>.

Nameserver returned different A record than was expected.

Error

PublicCachingNameserver

<ns> seems to be a public caching nameserver.

Caching nameserver.

Error

TimeOut

Querying server <ns> has timed out.

Query timed out.

Error

NoNameservers

This domain has no nameservers attached to it. It will not be usable on the internet.

No nameservers attached to domain name, unusable on the internet.

Error

NameserverUnreachable

Nameserver <ns> unreachable.

Nameserver resolves, but nothing answers on port 53.

Error

DSForNonExistentDNSKEYError

No corresponding DNSKEY records found for DS with keytag: <keytag>.

DS in .be zone but no corresponding DNSKEY on registrars nameserver, no other DNSKEYs available.

Error

InvalidSignature (1)

DNSKEY with keytag: <keytag>, RRSIG expired on: <date>.

RRSIG returned for a DNSKEY is invalid.

Error

InvalidSignature (2)

DNSKEY with keytag: <keytag>, The inception date of the RRSIG lies in the future: <date>.

RRSIG returned for a DNSKEY is invalid.

Error

InvalidSignature (3)

DNSKEY with keytag: <keytag>, Signature invalid.

RRSIG returned for a DNSKEY is invalid.

Error

InvalidSignature (4)

DNSKEY with keytag: <keytag>, Failed to verify signature.

RRSIG returned for a DNSKEY is invalid.

Error

DNSKEYWithoutSignatureError

DNSKEY with keytag: <keytag>, No RRSIG found.

No RRSIG record was returned for a DNSKEY.

Error

PrivateIPAddress

Nameserver <ns> is a private ip address.

Nameserver has private range ip address (should not happen).

Error

MissingIp

IP address <ip> is missing for <ns>.

the nameserver did not return an expected A record.

Warning

TooSlow

Server is too slow: response time of <millis> ms.

Nameserver response took over 2 seconds.

Warning

DSForNonExistentDNSKEYWarning

No corresponding DNSKEY records found for DS with keytag: <keytag>.

DS in .be zone but no corresponding DNSKEY on registrars nameserver, but there is another DS that has a validated DNSKEY on the registrars nameservers.

Warning

NoDSInParentZone

No corresponding DS records found for DNSKEY with keytag: <keytag>.

DNSKEY returned from registrars nameserver, while no DS in .be zone (should not happen anymore).

Warning

StealthNameserver (1)

Stealth nameserver: <ns>.

Nameserver is a stealth nameserver.

Notice

StealthNameserver (2)

Stealth nameserver: <ns> on <ip>.

Nameserver is a stealth nameserver.

Notice

Slow

Server is rather slow: response time of <millis> ms.

Nameserver response took between 1 and 2 seconds.

Notice

DNSKEYWithoutSignatureNotice

DNSKEY with keytag: <keytag>, No RRSIG found.

DNSKEY without RRSIG, but another DNSKEY has RRSIG.

Notice