NsTools, the tool for controlling your domain configuration

Domain name analysis tool: Ns.Tools

Based on analysis of the domain’s DNS fields, NsTools classifies the results into 3 categories: Critical, Warning and Info, using 93 tests divided into DNS, DOMAIN/IP, MAIL and WEB themes. This allows us to quickly identify the strengths and weaknesses of the field. The tests and their results can be accessed more explicitly in the “Tests” section of each theme.

DNS analysis

NsTools reconstructs the DNS zone based on the NS, A, AAAA, MX, CNAME, PTR and TXT fields, performing a global configuration check from the DNS root server to the domain DNS server. It ensures that there are no synchronization problems in the DNS tree, that there are two reachable name servers, and that these are on two different networks, all to ensure a high level of availability.

NsTools clearly and precisely displays information for each field, including TTL, IPv4 or IPv6, includes data and SOA content. Email addresses must be valid in accordance with RFC 5322. Zone validity times must have their “refresh”, “retry” and “expire” values within a certain range.

Finally, NsTools tests whether zone forwarding, recursive queries and GLUE records are correctly configured to prevent easy information retrieval, DDoS attacks on DNS or problems with circular DNS settings. This online DNS analysis service issues a Critical alert if a field could lead to a security breach.

Domaine analysis

In addition to the classic domain whois information, which is checked for consistency with the DNS tree, NsTools analyzes the reputation of the domain and its IP. To do this, the online analyzer queries the servers of DNSBL, Google Safe Browsing, Web of Trust and VirusTotal (66 antivirus) to find out whether the domain under test is listed or has a good trust rating. One French company in two is blacklisted at least once a year. The analysis can be performed on a root domain name, a sub-domain or a host.

MAIL analysis

Since e-mail has become an essential means of communication, NsTools checks that your MXs are properly configured, that they have an FQDN server name and not an IP (RFC 1035) or CNAME (RFC 1034 and 2181), and that a reverse is possible.

The presence of at least two SMTP servers, with IP addresses in two different Class C networks, is also part of the analysis feedback. The mail service must comply with RFC 2142, 5321 for abuse and postmaster recipients. The tool checks whether the SPF field is correctly configured. For example, if it has no PTR fields (obsolete), if the syntax of IPv4 or IPv6 addresses is correct, or if the “all” parameter is the last parameter. DKIM (RFC 6376) and DMARC (RFC 7489) are also checked. These three fields are very important to avoid identity theft when sending e-mail.

NsTools also evaluates the SMTP protocol and its security through various tests such as: checking that the server is not open-relay, enabling StartTLS, refusing EXPN and VRFY commands used by spammers to retrieve valid e-mail addresses, and accepting HELO or EHLO (RFC 2181). Other SMTP tests are also carried out to verify the quality of e-mail server security.

WEB analysis

NsTools scans ports 80 and 443 to check whether a website is present. In this case, NsTools automatically retrieves the URL, the redirection and its code, the headers and the technology used. Based on this information, this online service highlights any problems detected, such as the non-presence of Httponly or Secure parameters for cookies, or missing headers such as “X-XSS-Protection”, “Content Security Policy” or “Content Type Option”: it provides an explanation and a link to reference documentation.

How do I test my domain with NsTools?

To test a domain with this online analysis service, you can either go to https://Ns.Tools (in English) or https://NsTools.fr (in French), or install the NsTools extension for your browser by clicking on the following links NsTools Chrome or NsTools Firefox.

Block NsTools analysis of your domain

Some webmasters don’t want a third party to be able to analyze their domain, or prefer to avoid having a link to their site even in nofollow. In the site’s FAQ, users can find out how to block the analysis for the NsTools online tool. Several solutions are available to enable anyone to implement them if they are the actual owner of the domain concerned.

In short, if you have the slightest doubt about your domain name configuration, or simply need to check that there are no security holes in the configuration of your DNS, mail servers or website, simply test your domain name in just a few seconds with this free online analysis service.

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …