Infrastructure - https://www.cockroachlabs.com BeaverCheck Audit

B

DNS Records

2 A records, 30 ms lookup

REVIEW

2 A records, 30 ms lookup

Resolves to 2 IPv4 address(es)

Got: 15.197.167.90, 3.33.186.135

Has 1 IPv6 (AAAA) record(s)

Got: 2a05:d01c:9e6:f102::1f5

CNAME record at zone apex

A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.

Got: cockroach-labs.netlifyglobalcdn.com

No NS records found

No MX records — email not configured via DNS

CAA records not checked

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

No SPF record found in TXT records

SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.

DNS resolution time: 30 ms

Got: 30 ms

A	15.197.167.90, 3.33.186.135
AAAA	2a05:d01c:9e6:f102::1f5
CNAME	cockroach-labs.netlifyglobalcdn.com
NS	—
MX	—
TXT	—
CAA	Lookup not available with standard resolver

Resolved in 30 ms

A CNAME at the zone apex can break MX and NS records. Use ALIAS/ANAME or A records instead.

Why this matters

CNAME at the apex (example.com) breaks every other apex record (MX, TXT, NS) — DNS-protocol violation per RFC 1034.

Learn more ▾

RFC 1034 forbids CNAME alongside other records at the same name. Some DNS providers offer ALIAS / ANAME / flattened-CNAME records that work around this — use those instead. Otherwise apex-level CNAME breaks email (no MX), domain ownership verification (no TXT), and more.

Source: RFC 1034

CAA record lookup requires a specialized DNS resolver. This check will be available in a future update.

Why this matters

Informational: CAA (Certification Authority Authorization) records weren't checked in this scan.

SPF helps prevent email spoofing. Add a TXT record starting with 'v=spf1'.

Why this matters

Without SPF, receiving servers can't validate sending IPs — your domain is easier to spoof in phishing.

Learn more ▾

SPF complements DMARC. Both should be published. SPF records list authorized sending IPs (e.g., `v=spf1 include:_spf.google.com ~all` for Google Workspace). After publishing, verify in Google Postmaster Tools or mxtoolbox.

Source: RFC 7208 (SPF)

B

TLS Certificate Expiry & Recommendations

85 days until leaf cert expires — 3 issues to address

REVIEW

Certificate validity

85

days left

0d 30d 60d 90d+

Recommended actions

Add includeSubDomains to the HSTS directive
Add the preload directive and submit to hstspreload.org once max-age + includeSubDomains are in place
Enable OCSP stapling on your TLS server to remove a CA roundtrip and protect user privacy

B

CDN & Delivery

Netlify

REVIEW

Netlify

Site is served via Netlify CDN

Got: x-nf-request-id: 01KNMTD37JH9XH69F4DJCMKPZ1

CDN Detected: Netlify

Provider Netlify Evidence x-nf-request-id: 01KNMTD37JH9XH69F4DJCMKPZ1

A+

Redirect Chain

No redirects — direct access

PASS

No redirects — direct access

Got: https://www.cockroachlabs.com

https://www.cockroachlabs.com

903 ms · HTTP/1.1 FINAL

#	URL	Status	Time	Protocol	Server
1	https://www.cockroachlabs.com	200	903 ms	HTTP/1.1	Netlify

A+

IPv6 Readiness

IPv6 reachable (28 ms)

PASS

IPv6 reachable (28 ms)

IPv6 is configured and reachable at 2a05:d01c:9e6:f102::1f5

Got: 28 ms connect

IPv6 Ready

AAAA Records 2a05:d01c:9e6:f102::1f5 Connection Reachable (28 ms)

A+

Crawlability

robots.txt present, sitemap with 1911 URLs

PASS

robots.txt present, sitemap with 1911 URLs

robots.txt is present

Got: 5066 bytes

sitemap.xml is present

sitemap.xml is valid XML

sitemap.xml contains 1911 entries

robots.txt references sitemap

robots.txt 200 OK

Size 5066 B Sitemaps referenced 2 User-agents GPTBot, PerplexityBot, ClaudeBot, anthropic-ai, Google-Extended, bingbot, msnbot, * Blocking No — crawling allowed

User-Agent: *
Allow: /wp-content/uploads/
Allow: *css
Allow: *js
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

User-Agent: GPTBot
Allow: /
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

User-Agent: PerplexityBot
Allow: /
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

User-Agent: ClaudeBot
Allow: /
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

User-Agent: anthropic-ai
Allow: /
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

User-Agent: Google-Extended
Allow: /
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

User-Agent: bingbot
Allow: /
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

User-Agent: msnbot
Allow: /
Disallow: /tags/
Disallow: /page/
Disallow: /animation-test/
Disallow: /categories/
Disallow: /employees/
Disallow: /footer/
Disallow: /blog/wp-login.php
Disallow: /blog/wp-register.php
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/themes/
Disallow: /wp-admin/
Disallow: /pdf/*
Disallow: /slides/*
Disallow: /wp-login.php
Disallow: /wp-trackback.php
Disallow: /xmlrpc.php
Disallow: /*&utm_source
Disallow: /*&utm_medium
Disallow: /*&utm_campaign
Disallow: /*?utm_
Disallow: /*thank-you
Disallow: /free-tier/*
Disallow: /search/
Disallow: /docs/search*

Sitemap: https://www.cockroachlabs.com/sitemap.xml
Sitemap: https://www.cockroachlabs.com/docs/sitemap.xml

sitemap.xml 200 OK

Type URL Set URLs 1911 entries Valid XML Yes

Sample URLs:

A+

URL Variants

www/non-www, trailing slash, HTTP→HTTPS

PASS

www/non-www, trailing slash, HTTP→HTTPS

www/non-www redirect configured correctly (preferred: www)

HTTP correctly 301-redirects to HTTPS

www / non-www

200https://www.cockroachlabs.com/

301https://cockroachlabs.com/

Preferred variant: www

HTTP → HTTPS

301http://www.cockroachlabs.com/ → https://www.cockroachlabs.com/

Consistent

A+

Domain Intelligence

cockroachlabs.com — via Squarespace Domains II LLC, 11 years, 4 months old, hosted on AWS

PASS

cockroachlabs.com — via Squarespace Domains II LLC, 11 years, 4 months old, hosted on AWS

Domain registered until Jan 23, 2033 (6 years, 10 months remaining)

DNSSEC is enabled

Registrar: Squarespace Domains II LLC

Hosting: AWS

Got: AS16509

Domain expiry

2414 days

January 23, 2033

SSL certificate

85 days

Issued by Let's Encrypt

Domain age

11 years, 4 months

Registered January 23, 2015

DNSSEC

Enabled

Protects against DNS spoofing

Hosting

AWS

ASN AS16509

3.33.186.135

Registrar

Squarespace Domains II LLC

Lock status unknown 4 NS records

Expiry timeline

Today

+1 year

Domain expiry SSL expiry Danger zone (≤30 days)

Registrar Squarespace Domains II LLC

Created January 23, 2015 (11 years, 4 months ago)

Expires January 23, 2033 (6 years, 10 months)

Last Updated October 16, 2025

Name Servers ns-cloud-d1.googledomains.com, ns-cloud-d2.googledomains.com, ns-cloud-d3.googledomains.com, ns-cloud-d4.googledomains.com

DNSSEC Enabled

Hosting

IP Address 3.33.186.135

ASN AS16509 (AMAZON-02 - Amazon.com, Inc., US)

Provider AWS

Data source: rdap (0.3s)

A

HTTP Probe Timing

Total 758 ms — DNS, TCP, TLS, TTFB, content transfer breakdown

PASS

DNS Lookup

28 ms

TCP Connect

1 ms

TLS Handshake

65 ms

Time to First Byte

658 ms

Total Time

758 ms

Connection waterfall

DNS Lookup 28 ms TCP Connect 1 ms TLS Handshake 65 ms Server Processing 564 ms Content Transfer 100 ms