Infrastructure
· 9 checks — DNS, redirects, IPv6, crawlability, URL variants, and domain intelligence rolled into one auditable list.DCDN & DeliveryActionNo CDN detectedFIX
Consider using a CDN to improve global delivery speed and reduce origin load.
BDNS Records1 A records, 106 ms lookupREVIEW
| A | 85.30.190.141 |
| AAAA | 2a02:80:0:3ffd::50:3 |
| CNAME | web.geo.freebsd.org |
| NS | — |
| MX | 0 |
| TXT | — |
| CAA | Lookup not available with standard resolver |
Multiple A records provide failover if one server goes down.
Single A record means a single point of failure — if that IP goes down, your site is unreachable until DNS TTL expires.
Learn more ▾ ▴
Add multiple A records for round-robin failover, or use a managed DNS provider with health-checked failover (Route 53, Cloudflare, NS1). Short TTL (60-300s) lets clients recover faster on outages.
Source: SRE practice / DNS architecture
A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.
CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.
Learn more ▾ ▴
RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.
Source: RFC 1034
CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.
Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.
SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.
Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.
Learn more ▾ ▴
SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.
Source: RFC 7208 (SPF)
BTLS Certificate Expiry & Recommendations67 days until leaf cert expires — 2 issues to addressREVIEW
Certificate validity
Recommended actions
- Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
- Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy
A+Redirect ChainNo redirects — direct accessPASS
https://www.freebsd.org
134 ms · HTTP/1.1 FINAL
| # | URL | Status | Time | Protocol | Server |
|---|---|---|---|---|---|
| 1 | https://www.freebsd.org | 200 | 134 ms | HTTP/1.1 | CloudSoft_Enterprise/v1.00 |
A+IPv6 ReadinessIPv6 reachable (41 ms)PASS
A+Crawlabilityrobots.txt present, sitemap with 3 URLsPASS
Add a 'Sitemap:' directive to robots.txt so search engines can discover your sitemap.
robots.txt omits Sitemap: directive — crawlers must fetch /sitemap.xml by convention; reliable but missing the explicit hint.
Source: sitemaps.org
User-agent: *
Disallow: /cgi/man.cgi?apropos=2&
Disallow: /cgi/ports.cgi?
Disallow: /cgi/man-autocomplete.cgi
Disallow: /cgi/ports-autocomplete.cgi
Disallow: /statistic
User-agent: GPTBot
Disallow: /cgi
User-agent: CCBot
Disallow: /cgi
# SEO
User-agent: SemrushBot
Disallow: /cgi
User-agent: MJ12bot
Disallow: /cgi
User-agent: BLEXBot
Disallow: /cgi
User-agent: dotbot
Disallow: /cgi
User-agent: SeekportBot
Disallow: /cgi
User-agent: AhrefsBot
Disallow: /cgi
A+URL Variantswww/non-www, trailing slash, HTTP→HTTPSPASS
www / non-www
Preferred variant: www
HTTP → HTTPS
Consistent
A+Domain Intelligencefreebsd.org — via Gandi SAS, 32 years oldPASS
798 days
September 18, 2028
67 days
Issued by Let's Encrypt
32 years
Registered September 19, 1994
Enabled
Protects against DNS spoofing
Unknown
2610:1c1:1:606c::50:15
Gandi SAS