Failed : Modern addresses reachable (IPv6)

Too bad! Your internet provider has not given you a modern internet address (IPv6), or has not configured everything correctly. Therefore you are not able to reach other computers with modern addresses. Please ask your internet provider for full IPv6 connectivity.

Verdict:

Your DNS resolver is not able to reach name servers over IPv6.

Test explanation:

We check if at least one of the DNS resolvers that you are using is able to reach our authoritative name servers over IPv6. Usually your internet provider provides the DNS resolver(s).

Verdict:

You are not able to reach computers via DNS on their IPv6 address.

Test explanation:

We check if your device through its current internet connection is able to connect to our webserver via IPv6. For this test we provide a domain name and we expect your resolver to resolve the domain name to the appropriate IPv6 address.

Verdict:

This subtest did not run, because either a parent test that this subtest depends on gave a negative result, or not enough information was available to run this subtest.

Test explanation:

We check if your device through its current internet connection is able to connect directly (i.e. without DNS translation) with our webserver using our corresponding IPv6 address.

Some browser add-ons and routers offer functionality for domain filtering in order to enhance privacy or restrict internet use. To prevent circumvention this kind of functionality often blocks connecting to IP addresses directly, making your internet connection fail for this subtest.

Verdict:

This subtest did not run, because either a parent test that this subtest depends on gave a negative result, or not enough information was available to run this subtest.

Test explanation:

We check if your device uses IPv6 Privacy Extensions for SLAAC (or another IPv6 configuration process than SLAAC) in order to prevent leakage of its potentially privacy sensitive MAC address to computers it connects with over IPV6.

Verdict:

You are not able to reach computers via DNS on their IPv4 address.

Test explanation:

We check if your device through its current internet connection is able to connect to our webserver via IPv4. For this test we provide a domain name and we expect your resolver to resolve the domain name to the appropriate IPv4 address.

Requirement level: Optional


Failed : Domain signature validation (DNSSEC)

Too bad! Domain signatures (DNSSEC) are not validated for you. Therefore you are not protected against manipulated translation from signed domains into rogue IP addresses. Please ask your internet provider for DNSSEC validation and/or enable it on your own systems.

Verdict:

This subtest did not run, because either a parent test that this subtest depends on gave a negative result, or not enough information was available to run this subtest.

Test explanation:

We check if the resolvers that you use validate the DNSSEC signatures of our domain name. Resolvers are usually provided by your internet provider. Alternatively you can configure resolvers from another DNS provider. You can even use your own locally installed resolver. Although validation is done in the resolver, the communication from the resolver back to your device (referred to as 'last mile') could still be tampered with by an attacker. Thus the most secure way is to validate close to the end user device (e.g. by using a locally installed resolver), or make sure that the channel between your resolver and your end user device is secured/trusted.