Infrastructure - https://rice.edu BeaverCheck Audit

B

DNS Records

4 A records, 149 ms lookup

REVIEW

4 A records, 149 ms lookup

Resolves to 4 IPv4 address(es)

Got: 151.101.3.52, 151.101.67.52, 151.101.131.52, 151.101.195.52

No IPv6 (AAAA) records

CNAME record at zone apex

A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.

Got: t.sni.global.fastly.net

No NS records found

No MX records — email not configured via DNS

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

No SPF record found in TXT records

SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.

DNS resolution time: 149 ms

Got: 149 ms

A	151.101.3.52, 151.101.67.52, 151.101.131.52, 151.101.195.52
AAAA	—
CNAME	t.sni.global.fastly.net
NS	—
MX	—
TXT	—
CAA	Lookup not available with standard resolver

Resolved in 149 ms

A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.

Why this matters

CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.

Learn more ▾

RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.

Source: RFC 1034

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.

Why this matters

Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.

Learn more ▾

SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.

Source: RFC 7208 (SPF)

C

IPv6 Readiness

Action

No IPv6 support

REVIEW

No IPv6 support

No IPv6 (AAAA) records found

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

No IPv6 Support

About 40% of internet users have IPv6. Consider adding AAAA records.

IPv6 support is increasingly important for global accessibility. About 40% of internet users have IPv6 connectivity.

Why this matters

No AAAA records — same impact as 'no IPv6 (AAAA) records'; IPv6-preferring clients pay extra latency falling back to IPv4.

Source: Google IPv6 stats

C

TLS Certificate Expiry & Recommendations

Action

18 days until leaf cert expires — 5 issues to address

REVIEW

Certificate validity

18

days left

0d 30d 60d 90d+

Renew soon — under 30 days remaining

Recommended actions

Renew certificate — 18 days remaining
Add includeSubDomains to the HSTS directive
Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
Enable DNSSEC on your domain for DNS spoofing protection
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

A+

Redirect Chain

No redirects — direct access

PASS

No redirects — direct access

Got: https://www.rice.edu

https://www.rice.edu

109 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://www.rice.edu	200	109 ms	HTTP/1.1	nginx

A+

Crawlability

robots.txt present, sitemap with 72 URLs

PASS

robots.txt present, sitemap with 72 URLs

robots.txt is present

Got: 1913 bytes

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 72 entries

robots.txt references sitemap

robots.txt 200 OK

Size 1913 B Sitemaps referenced 1 User-agents * Blocking No — crawling allowed

#

# robots.txt

#

# This file is to prevent the crawling and indexing of certain parts

# of your site by web crawlers and spiders run by sites like Yahoo!

# and Google. By telling these "robots" where not to go on your site,

# you save bandwidth and server resources.

#

# This file will be ignored unless it is at the root of your host:

# Used:    http://example.com/robots.txt

# Ignored: http://example.com/site/robots.txt

#

# For more information about the robots.txt standard, see:

# http://www.robotstxt.org/robotstxt.html


User-agent: *

# CSS, JS, Images

Allow: /core/*.css$

Allow: /core/*.css?

Allow: /core/*.js$

Allow: /core/*.js?

Allow: /core/*.gif

Allow: /core/*.jpg

Allow: /core/*.jpeg

Allow: /core/*.png

Allow: /core/*.svg

Allow: /profiles/*.css$

Allow: /profiles/*.css?

Allow: /profiles/*.js$

Allow: /profiles/*.js?

Allow: /profiles/*.gif

Allow: /profiles/*.jpg

Allow: /profiles/*.jpeg

Allow: /profiles/*.png

Allow: /profiles/*.svg

# Directories

Disallow: /core/

Disallow: /profiles/

# Files

Disallow: /README.txt

Disallow: /web.config

# Paths (clean URLs)

Disallow: /admin/

Disallow: /Module/

Disallow: /comment/reply/

Disallow: /filter/tips

Disallow: /node/add/

Disallow: /search/

Disallow: /user/register/

Disallow: /user/password/

Disallow: /user/login/

Disallow: /user/logout/

# Paths (no clean URLs)

Disallow: /index.php/admin/

Disallow: /index.php/comment/reply/

Disallow: /index.php/filter/tips

Disallow: /index.php/node/add/

Disallow: /index.php/search/

Disallow: /index.php/user/password/

Disallow: /index.php/user/register/

Disallow: /index.php/user/login/

Disallow: /index.php/user/logout/

Disallow: */ajax/

Disallow: */metrics/

Disallow: */jserrors/

Disallow: */session_trace/

Disallow: */page_view_timing/

Disallow: */page_view_event/

Disallow: */page_action/

Disallow: */spa/

Sitemap: https://www.rice.edu/sitemap.xml

sitemap.xml 200 OK

Type URL Set URLs 72 entries Valid XML Yes

Sample URLs:

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.rice.edu/

https://rice.edu/

HTTP → HTTPS

301http://www.rice.edu/ → https://www.rice.edu/

Consistent

A+

Domain Intelligence

rice.edu — 41 years, 7 months old, hosted on RICE-AS - Rice University, US

PASS

rice.edu — 41 years, 7 months old, hosted on RICE-AS - Rice University, US

Domain registered until Jul 31, 2026 (3 months remaining)

Hosting: RICE-AS - Rice University, US

Got: AS8

Domain expiry

45 days

July 31, 2026

SSL certificate

18 days

Issued by Certainly

Domain age

41 years, 7 months

Registered April 24, 1985

DNSSEC

Status unknown

Protects against DNS spoofing

Hosting

RICE-AS - Rice University, US

ASN AS8

128.42.207.44

Registrar

Registrar unknown

Lock status unknown 4 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Recommended actions

Renew the domain or enable auto-renewal to prevent accidental expiry
Renew the TLS certificate or verify auto-renewal is working

Registrar

Created April 24, 1985 (41 years, 7 months ago)

Expires July 31, 2026 (3 months)

Last Updated June 27, 2025

Name Servers ns1.rice.edu, ns2.rice.edu, ns4.purdue.edu, ns3.purdue.edu

Registrant Rice University

Hosting

IP Address 128.42.207.44

ASN AS8 (RICE-AS - Rice University, US)

Provider RICE-AS - Rice University, US

Data source: whois (0.5s)

A+

HTTP Probe Timing

Total 16 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

8 ms

TCP Connect

1 ms

TLS Handshake

4 ms

Time to First Byte

15 ms

Total Time

17 ms

Connection waterfall

DNS Lookup 8 ms TCP Connect 1 ms TLS Handshake 4 ms Server Processing 3 ms Content Transfer 1 ms

A+

CDN & Delivery

Fastly (HIT, MISS, HIT, HIT)

PASS

Fastly (HIT, MISS, HIT, HIT)

Site is served via Fastly CDN

Got: x-served-by: cache-iad-kiad7000169-IAD, cache-iad-kiad7000169-IAD, cache-sjc1000121-SJC

CDN cache status: HIT, MISS, HIT, HIT

CDN Detected: Fastly

Provider Fastly Cache Status HIT, MISS, HIT, HIT Evidence x-served-by: cache-iad-kiad7000169-IAD, cache-iad-kiad7000169-IAD, cache-sjc1000121-SJC