Did all the good DANE TLSA record checkers all go away? All the ones I can find are caching results, either the report, or the DNS queries, so they are near useless for fixing/debugging your records.
Conversation
Replying to
internet.nl should work properly without caching being an issue and tests a lot more DANE. It's really good.
2
1
2
Replying to
Thanks.
Their results are a little bit critical though. Just because my secondary doesn't have IPv6 it says: Too bad! Your website is not reachable for visitors using a modern internet address (IPv6), or improvement is possible.
Same with HTTPS.
2
Replying to
It is annoying that it checks IPv6 if you strictly want a security checking tool but it's meant for checking for adoption of modern / good practices in general. It like that it's pretty thorough with checking DNS, etc.
For some reason OVH doesn't give you IPv6 DNS servers if you use them as your authoritative DNS in Canada, but I think they do elsewhere. It's pretty weird. I realized that because of that tool...
1
Replying to
My point is that it shouldn't say "โ not IPv6 reachable" but more "โ ๏ธ needs improvement". Because it most definitely is accessible via IPv6.
1
Oh, hmm, guess that is a good reason to look at HE's secondary DNS service for that.