DNS Analysis Results

google.com
New Analysis
DNS & Trust Posture: PARTIAL
Some critical security controls are missing.
1 issue
Findings Summary
Action Required:
  • DNSSEC not enabled (DNS responses can be spoofed)
Configured:
  • MTA-STS (policy present)
  • TLS-RPT (reporting configured)
Not Configured:
  • BIMI (brand logo in inboxes)
Registrar (RDAP)
Markmonitor Inc.
Where you pay to own domain
Email Service Provider
Google Workspace
Where email is hosted (MX)
Web Hosting
Google Cloud DNS
Where website is hosted
DNS Hosting
Google Cloud DNS
Where DNS records are edited
Email Security Can this domain be impersonated by email? Partially
Verdict: Partial email authentication configured - some spoofed messages may be delivered.
SPF Record Success

Valid SPF record found

v=spf1 include:_spf.google.com ~all
DMARC Policy Success REJECT

DMARC policy is set to "reject" - excellent protection

v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com
DKIM Records Warning

No DKIM records found for common selectors

MTA-STS Success

MTA-STS record found

v=STSv1; id=20210803T010101;
TLS-RPT Success

TLS-RPT configured - receiving TLS delivery reports

v=TLSRPTv1;rua=mailto:sts-reports@google.com
Brand Security Can my brand be convincingly faked? No
Verdict: Certificate issuance is controlled but brand logo (BIMI) is not configured.
BIMI (Brand Logo) Warning

No BIMI record found

CAA (Certificate Authority) Success

CAA configured - only pki.goog can issue certificates

Authorized CAs: pki.goog
0 issue "pki.goog"
Domain Security Can DNS itself be tampered with? Partially
Verdict: Delegation is verified but DNS responses are unsigned and could be spoofed.
DNSSEC Unsigned

DNSSEC not configured - DNS responses are unsigned

Without DNSSEC, DNS responses can be spoofed. Enable at your DNS provider for cryptographic verification.
NS Delegation Verified

4 nameserver(s) configured

Nameservers: ns1.google.com ns2.google.com ns3.google.com ns4.google.com
Traffic & Routing Where traffic flows & how services resolve
AIPv4 Address
209.85.200.138
209.85.200.102
209.85.200.100
209.85.200.101
209.85.200.139
209.85.200.113
Where the domain points for web traffic
AAAAIPv6 Address
2607:f8b0:4001:c16::8a
2607:f8b0:4001:c16::64
2607:f8b0:4001:c16::8b
2607:f8b0:4001:c16::65
IPv6 ready
MXMail Servers
10 smtp.google.com.
Priority + mail server for email delivery
SRVServices
No SRV records
No service-specific routing configured
Web: Reachable (6 IPv4, 4 IPv6) Mail: 1 server Services: None
Δ Changes Detected: A AAAA Resolver ≠ Authoritative (TTL / CDN rotation / recent change)
Risk: Low - typically resolves within TTL
Evidence: Resolver Records (Raw DNS data)
A 6 records
Still Propagating
209.85.200.138
209.85.200.102
209.85.200.100
209.85.200.101
209.85.200.139
209.85.200.113
AAAA 4 records
Still Propagating
2607:f8b0:4001:c16::8a
2607:f8b0:4001:c16::64
2607:f8b0:4001:c16::8b
2607:f8b0:4001:c16::65
MX 1 record
Synchronized
10 smtp.google.com.
TXT 12 records
Synchronized
docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e
google-site-verification=4ibFUgB-wXLQ_S7vsXVomSTVamuOXBiVAzpR5IZ87D0
onetrust-domain-verification=6d685f1d41a94696ad7ef771f68993e0
google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ
v=spf1 include:_spf.google.com ~all
apple-domain-verification=30afIBcvSuDV2PLX
MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB
docusign=1b0a6754-49b1-4db5-8540-d2c12664b289
cisco-ci-domain-verification=47c38bc8c4b74b7233e9053220c1bbe76bcc1cd33c7acf7acd36cd6a5332004b
globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=
facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95
google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o
NS 4 records
Synchronized
ns4.google.com.
ns1.google.com.
ns2.google.com.
ns3.google.com.
CNAME No records
No records found
Tip: CNAMEs are usually on subdomains. Try searching www.google.com or another subdomain.
SRV No records
No records found
Evidence: Authoritative Records (Direct from nameserver)
A 6 records
142.250.152.139
142.250.152.138
142.250.152.100
142.250.152.101
142.250.152.113
142.250.152.102
AAAA 4 records
2607:f8b0:4001:c56::8a
2607:f8b0:4001:c56::8b
2607:f8b0:4001:c56::64
2607:f8b0:4001:c56::71
MX 1 record
10 smtp.google.com.
TXT 12 records
apple-domain-verification=30afIBcvSuDV2PLX
facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95
MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB
google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ
v=spf1 include:_spf.google.com ~all
onetrust-domain-verification=6d685f1d41a94696ad7ef771f68993e0
google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o
docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e
globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=
docusign=1b0a6754-49b1-4db5-8540-d2c12664b289
cisco-ci-domain-verification=47c38bc8c4b74b7233e9053220c1bbe76bcc1cd33c7acf7acd36cd6a5332004b
google-site-verification=4ibFUgB-wXLQ_S7vsXVomSTVamuOXBiVAzpR5IZ87D0
NS 4 records
ns2.google.com.
ns1.google.com.
ns4.google.com.
ns3.google.com.
Analyze Another Domain