DNS & HTTP Analysis for bbc.co.uk

Processing Domain bbc.co.uk on 29/03/2019 19:38:14


  • This tool is available free to use at GENSupport
  • Help and Support for your DNS or HTTP issues available on our Forum
  • The version that produced this report is 1.004b

Processing DNS Records

Basic Checks

Here we check the basic functioning and security of your DNS

  • Zone Queries 6 Record Types and 24 Records Found
  • Zone Transfer Failed
  • Zone Dump
    • TXT
      • _dmarc.bbc.co.uk. TTL 3600 "v=DMARC1;p=none;aspf=r;pct=100;fo=0;ri=86400;rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.;ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.;"
      • bbc.co.uk. TTL 3600 "2RLXso9TrRPyhWOEhYggL0U/r1D+g8H7z9RqDBOmcJjSbj88TobGKimtkCrXZNBkDXQDj89lS4mDskNOJyWLdg=="
      • bbc.co.uk. TTL 3600 "MS=ms10378910"
      • bbc.co.uk. TTL 3600 "adobe-idp-site-verification=9b850a4a56e3fac19aea1e0ac5db302e5cefab444cd73519dce1c72ccd4db058"
      • bbc.co.uk. TTL 3600 "docusign=50f10407-e3e4-4f6a-aae4-712d4eb31329"
      • bbc.co.uk. TTL 3600 "docusign=a10ad7b6-cf7e-472d-8157-23061f5b5116"
      • bbc.co.uk. TTL 3600 "dropbox-domain-verification=l5djk65wpy3z"
      • bbc.co.uk. TTL 3600 "google-site-verification=ITX3CwHXxGVfkCmhF4eSwdfo8h2ZGLAZ3zRpYvZi5XA"
      • bbc.co.uk. TTL 3600 "v=spf1 ip4:212.58.224.0/19 ip4:132.185.0.0/16 ip4:78.136.53.80/28 ip4:78.136.14.192/27 ip4:78.136.19.8/29 ip4:89.234.10.72/29 ip4:89.234.53.236 ip4:212.111.33.181 ip4:78.137.117.8 ip4:46.37.176.74 ip4:194.74.182.201 ip4:159.253.62.157" " ip4:80.169.167.201 +include:sf.sis.bbc.co.uk +include:spf.messagelabs.com +include:servers.mcsv.net +include:amazonses.com ?all"
    • A
      • bbc.co.uk. TTL 300 151.101.0.81
      • bbc.co.uk. TTL 300 151.101.128.81
      • bbc.co.uk. TTL 300 151.101.192.81
      • bbc.co.uk. TTL 300 151.101.64.81
    • AAAA
      • bbc.co.uk. TTL 300 2a04:4e42:0:0:0:0:0:81
      • bbc.co.uk. TTL 300 2a04:4e42:200:0:0:0:0:81
      • bbc.co.uk. TTL 300 2a04:4e42:400:0:0:0:0:81
      • bbc.co.uk. TTL 300 2a04:4e42:600:0:0:0:0:81
    • MX
      • bbc.co.uk. TTL 300 10 cluster1.eu.messagelabs.com.
      • bbc.co.uk. TTL 300 20 cluster1a.eu.messagelabs.com.
    • NS
      • bbc.co.uk. TTL 900 ns3.bbc.co.uk.
      • bbc.co.uk. TTL 900 ns3.bbc.net.uk.
      • bbc.co.uk. TTL 900 ns4.bbc.co.uk.
      • bbc.co.uk. TTL 900 ns4.bbc.net.uk.
    • CNAME
      • www.bbc.co.uk. TTL 300 www.bbc.net.uk.

Nameservers

Here we check the setup of your nameservers. All nameservers on your domain should be listed in the zone and returned in an ANY query along with corresponding A and/or AAAA records resolving their address.

  • ns3.bbc.co.uk 156.154.66.17 Found and Match. ( Missing from Zone Address Records )
  • ns4.bbc.co.uk 156.154.67.17 Found and Match. ( Missing from Zone Address Records )
  • ns3.bbc.net.uk 156.154.64.17 Found and Match. ( Missing from Zone Address Records )
  • ns4.bbc.net.uk 156.154.65.17 Found and Match. ( Missing from Zone Address Records )

Processing TXT Records

DMARC Record:

The DMARC Record defines how MTA's should response when parsing DKIM and SPF records

  • v=dmarc1 (The Version of this record)
  • p=none (The Policy to implement on FAIL)
  • aspf=r (Alignment mode for SPF)
  • pct=100 (The Percentage of Messages subject to filtering)
  • fo=0 (Dictates what type of authentication/alignment vulnerabilities are reported)
  • ri=86400 (The number of seconds elapsed between sending aggregate reports)
  • rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. (Reporting URI of aggregate reports)
  • ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. (Reporting URI for forensic reports)

Unknown Record:

We cannot identify this record. If you know what it is and its no longer needed then remove it

  • 2rlxso9trrpyhwoehyggl0u/r1d+g8h7z9rqdbomcjjsbj88tobgkimtkcrxznbkdxqdj89ls4mdsknojywldg==

Microsoft Office 365 Verification Record:

This record is used to identify this domain as an Office 365 domain

  • ms=ms10378910

Adobe Enterprise products and services Verification Record:

Some Adobe Products allow enterprise user accounts to be linked to a domain name and this record provides verification of ownership

  • adobe-idp-site-verification=9b850a4a56e3fac19aea1e0ac5db302e5cefab444cd73519dce1c72ccd4db058

Docusign Record:

Docusign is a company offering document signing services but since a data breach and other security concerns this is rarely used today and you should consider removing it.

  • docusign=50f10407-e3e4-4f6a-aae4-712d4eb31329

Docusign Record:

Docusign is a company offering document signing services but since a data breach and other security concerns this is rarely used today and you should consider removing it.

  • docusign=a10ad7b6-cf7e-472d-8157-23061f5b5116

Dropbox Business domain verification and invite enforcement

Dropbox is a company that allows file-sharing and despite a reputation for abuse people still use it. If your not using Dropbox anymore then you can safely remove this record

  • dropbox-domain-verification=l5djk65wpy3z

Google Domain Verification Record:

This record is used by Google to validate domain ownership when setting up Google Analytics etc

  • google-site-verification=itx3cwhxxgvfkcmhf4eswdfo8h2zglaz3zrpyvzi5xa

SPF Record:

The SPF Record defines which IP addresses are permitted to send email on this domain's behalf

  • v=spf1 (The SPF Format Version Number)
  • ip4:212.58.224.0/19 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:132.185.0.0/16 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:78.136.53.80/28 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:78.136.14.192/27 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:78.136.19.8/29 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:89.234.10.72/29 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:89.234.53.236 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:212.111.33.181 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:78.137.117.8 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:46.37.176.74 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:194.74.182.201 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:159.253.62.157 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:80.169.167.201 (The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • +include:sf.sis.bbc.co.uk (The SPF Record listed here should be used - Additional look-ups required)
  • +include:spf.messagelabs.com (The SPF Record listed here should be used - Additional look-ups required)
  • +include:servers.mcsv.net (The SPF Record listed here should be used - Additional look-ups required)
  • +include:amazonses.com (The SPF Record listed here should be used - Additional look-ups required)
  • ?all (SPF Result is neutral and has no effect)

Processing MX (Mail Exchanger) Records

These Records determine the servers (mail servers) responsible for handling your incomming email. Each service is given a priority and they will be used in that order. If all the priorities are the same then they will be used in a round-robin fashion

  • Priority 10 handled by host cluster1.eu.messagelabs.com. [46.226.52.193] Valid
    • Email Handled By Messagelabs
    • Port 25 (smtp) : Open
  • Priority 20 handled by host cluster1a.eu.messagelabs.com. [52.28.91.133] Valid
    • Email Handled By Messagelabs
    • Port 25 (smtp) : Open

Processing CNAME (Alias) Records

These records are aliases making one hostname relate to another. These are often used to match hosts back to clusters or internal referencs that may change.

  • www.bbc.co.uk. www.bbc.net.uk.

Processing A (IPv4 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain. The www record is the most common one and will be used to identify your website address

  • Host: bbc.co.uk. = IP: [151.101.0.81] Valid Reachable (11.097ms)
  • Host: bbc.co.uk. = IP: [151.101.128.81] Valid Reachable (11.27ms)
  • Host: bbc.co.uk. = IP: [151.101.192.81] Valid Reachable (11.46ms)
  • Host: bbc.co.uk. = IP: [151.101.64.81] Valid Reachable (11.346ms)

Processing AAAA (IPv6 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain

  • Host: bbc.co.uk. = IP: [2a04:4e42:0:0:0:0:0:81] Valid
  • Host: bbc.co.uk. = IP: [2a04:4e42:200:0:0:0:0:81] Valid
  • Host: bbc.co.uk. = IP: [2a04:4e42:400:0:0:0:0:81] Valid
  • Host: bbc.co.uk. = IP: [2a04:4e42:600:0:0:0:0:81] Valid

Processing Domain Public Records

    Domain Name WHOIS Information - bbc.co.uk

    • Domain name
    • bbc.co.uk
    • Data validation
    • Nominet was able to match the registrant's name and address against a 3rd party data source on 12-Jun-2014
    • Registrar
    • British Broadcasting Corporation [Tag = BBC]
    • URL: http://www.bbc.co.uk
    • Relevant dates
    • Registered on before Aug-1996
    • Expiry date 13-Dec-2025
    • Last updated 29-Oct-2016
    • Registration status
    • Registered until expiry date.
    • Name servers
    • ns3.bbc.co.uk 156.154.66.17 2610:a1:1015::17
    • ns3.bbc.net.uk
    • ns4.bbc.co.uk 156.154.67.17 2001:502:4612::17
    • ns4.bbc.net.uk
    • WHOIS lookup made at 19:34:37 29-Mar-2019

    Website Hosting WHOIS Information - 151.101.0.81

    • NetRange 151.101.0.0 - 151.101.255.255
    • CIDR 151.101.0.0/16
    • NetHandle NET-151-101-0-0-1
    • Parent RIPE-ERX-151 (NET-151-0-0-0-0)
    • NetType Direct Assignment
    • OriginAS
    • Organization Fastly (SKYCA-3)
    • RegDate 2016-02-01
    • Updated 2016-02-01
    • Ref: https://rdap.arin.net/registry/ip/151.101.0.0
    • OrgName Fastly
    • OrgId SKYCA-3
    • Address PO Box 78266
    • City San Francisco
    • StateProv CA
    • PostalCode 94107
    • Country US
    • RegDate 2011-09-16
    • Updated 2018-08-13
    • Ref: https://rdap.arin.net/registry/entity/SKYCA-3
    • OrgAbuseHandle ABUSE4771-ARIN
    • OrgAbuseName Abuse Account
    • OrgAbusePhone +1-415-496-9353
    • OrgAbuseEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
    • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE4771-ARIN
    • OrgNOCHandle FNO19-ARIN
    • OrgNOCName Fastly Network Operations
    • OrgNOCPhone +1-415-404-9374
    • OrgNOCEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
    • OrgNOCRef: https://rdap.arin.net/registry/entity/FNO19-ARIN
    • OrgTechHandle FRA19-ARIN
    • OrgTechName Fastly RIR Administrator
    • OrgTechPhone +1-415-404-9374
    • OrgTechEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
    • OrgTechRef: https://rdap.arin.net/registry/entity/FRA19-ARIN

Processing Website

    Website Headers for www.bbc.co.uk

    We will obtain the headers from your website and parse them for validity

    • Web Server Header is Missing
    • Request Response HTTP/1.1 200 OK OK
    • SSL is available and enabled
      • Certificate Name /C=GB/ST=London/L=London/O=British Broadcasting Corporation/CN=*.bbc.co.uk
      • Certificate Issued To
        • Country GB
        • City London
        • Locality London
        • Organisation British Broadcasting Corporation
        • Certificate Scope *.bbc.co.uk
        Certificate Issuer
        • Country BE
        • Organisation GlobalSign nv-sa
        • Certificate Scope GlobalSign Organization Validation CA - SHA256 - G2
        Certificate Validity
        • Valid From 190121135105Z
        • Valid To 200122135105Z
        Certificate Ciphers
        • SN RSA-SHA256
        • LN sha256WithRSAEncryption
        Certificate Extensions
        • Alternative Hostnames DNS:*.bbc.co.uk, DNS:live.bbc.com, DNS:bbci.co.uk, DNS:bbc.com, DNS:live.bbci.co.uk, DNS:*.live.bbc.com, DNS:*.bbci.co.uk, DNS:*.bbc.com, DNS:*.live.bbc.co.uk, DNS:*.live.bbci.co.uk, DNS:live.bbc.co.uk, DNS:bbc.co.uk
        • Key Usage TLS Web Server Authentication, TLS Web Client Authentication
    • There was a redirect to https://www.bbc.co.uk/
    • Valid methods for a specified resource (Allow) Missing
    • Control options for the current connection (Connection) : keep-alive
    • Specifies Technology in use (X-Powered-By) Missing
    • Security Related

      • modifies the algorithm used to populate the Referer header (Referrer-Policy) Missing
      • stops pages when they detect XSS (X-XSS-Protection) Missing
      • Allow and Deny the use of browser features (Feature-Policy) Missing
      • Platform for Privacy Preferences (P3P) Missing

      Cross Origin Resource Sharing

      • (Access-Control-Allow-Origin) Missing
      • (Access-Control-Allow-Credentials) Missing
      • (Access-Control-Expose-Headers) Missing
      • (Access-Control-Max-Age) Missing
      • (Access-Control-Allow-Methods) Missing
      • (Access-Control-Allow-Headers) Missing

      Content Headers

      • The natural language or languages of the intended audience (Content-Language) Missing
      • The form of encoding used (Transfer-Encoding) Missing
      • The length of the response body (Content-Length) : 313437
      • The Media type of the body of the request (Content-Type) : text/html; charset=utf-8
      • The date and time of generation (Date) : Fri, 29 Mar 2019 19:34:38 GMT
      • An opportunity to raise a File Download dialogue box (Content-Disposition) Missing
      • The type of encoding used on the data (Content-Encoding) Missing
      • An alternate location for the returned data (Content-Location) Missing
      • Where in a full body message this partial message belongs (Content-Range) Missing
      • An identifier for a specific version of a resource (ETag) : W/"4c85d-qtIJ62Hg/++kmsr7dDvuZkggZGo"
      • how to match future request headers (Vary) : Accept-Encoding, X-CDN, X-BBC-Edge-Scheme

      Caching Control

      • Tells caches whether they may cache this object (Cache-Control) : private, max-age=0, must-revalidate
      • Gives the date/time after which the response is considered stale (Expires) Missing
      • The last modified date for the requested object (Last-Modified) Missing
      • Implementation-specific fields for caching (Pragma) Missing
      • From an Intermediate cache (X-Cache-Action) : HIT
      • Intermediate Cache Hits count (X-Cache-Hits) : 1355
      • Intermediate Cache Age (X-Cache-Age) : 117
      • Informs the client of proxies through which the response was sent (Via) Missing
      • The Age this page has been cached in a proxy (Age) Missing

      Strict Transport Security (HSTS) Policy

      • A HSTS Policy for the client with scope (Strict-Transport-Security) Missing

      Cookies and Fragments

      • Cookie Data (Set-Cookie) : ckns_mvt=8f1dacc6-2841-4dab-a51f-4070aee86384; Domain=.bbc.co.uk; Path=/; Expires=Sat, 28 Mar 2020 19:32:41 GMT; HttpOnly; Secure

      Robots.txt

      • You have a robots.txt file and it appears to be valid
        • Allow Entries (0) - Specific Allow
          • Disallow Entries (32) - Specific Disallow
            • /cbbc/search$
            • /cbbc/search/
            • /cbbc/search?
            • /cbeebies/search$
            • /cbeebies/search/
            • /cbeebies/search?
            • /chwilio/
            • /chwilio$
            • /chwilio?
            • /iplayer/bigscreen/
            • /iplayer/cbbc/episodes/
            • /iplayer/cbbc/search
            • /iplayer/cbeebies/episodes/
            • /iplayer/cbeebies/search
            • /iplayer/search
            • /indepthtoolkit/smallprox$
            • /indepthtoolkit/smallprox/
            • /modules/musicnav/language/
            • /news/0
            • /radio/aod/
            • /radio/aod$
            • /radio/player/
            • /radio/player$
            • /search/
            • /search$
            • /search?
            • /ugc$
            • /ugc/
            • /ugcsupport$
            • /ugcsupport/
            • /ugcstatic$
            • /ugcstatic/
          • Sitemap Entries (3) - Sitemaps
            • https://www.bbc.co.uk/sitemap.xml
            • https://www.bbc.co.uk/sitemaps/https-index-uk-archive.xml
            • https://www.bbc.co.uk/sitemaps/https-index-uk-news.xml
          • Other Entries (1)
            • user-agent: *

    Processing Website Profile Data

      Website Render for www.bbc.co.uk

      Technology Profile bbc.co.uk

      We will check for fingerprints of common website technologies

        • Failed to succesfully profile the website, it is likely either custom or plain HTML.

      Meta Profile https://www.bbc.co.uk/

      We will check the entire body for metadata

      • description : The best of the BBC, with the latest news and sport headlines, weather, TV & radio highlights and much more from across the whole of BBC Online
      • keywords : BBC, British Broadcasting Corporation, BBCi, News, Sport, iPlayer, TV, Radio, Food, Music, Business, Arts, Bitesize, Lifestyle, Entertainment, Headlines
      • twitter:card : summary_large_image
      • twitter:site : @bbccouk
      • twitter:title : BBC - Home
      • twitter:description : The best of the BBC, with the latest news and sport headlines, weather, TV & radio highlights and much more from across the whole of BBC Online
      • twitter:creator : @bbccouk
      • twitter:image:src : //homepage.files.bbci.co.uk/s/homepage-v5/5-2-1-82-dd79bdd72/images/bbc_homepage.png
      • twitter:image:alt : BBC Homepage
      • twitter:domain : www.bbc.co.uk
      • viewport : width=device-width, initial-scale=1.0
      • google-site-verification : auTeTTwSt_KBY_4iDoR00Lwb7-qzx1IgzJy6ztaWgEI

      Feature Profile https://www.bbc.co.uk/

      We will check for common HTML, Javascript and CSS Features

      • DocType html (308362)
      • Document Validated No
      • Tawk.to No
      • FontAwesome No
      • Google Web Fonts No
      • T3 Framework No
      • Google Structured Data No
      • Google Analytics No
      • Mamoto Analytics No
      • JQuery No
      • RequireJS No
      • jQuery No

    Processing Completed

      The process is now completed and the results are shown above. Please take a moment to consider each test and its response. DNS, SMTP and HTTP are not simple protocols and it is way beyond the scope of this tool to suggest improvements, but you are welcome to request assistance via our Forum.