100% scoring on internet.nl and Mozilla Observatory for demo install

William

The current demo (demo.directadmin.com) isn't installed in a way that shows its full potential.

Failed : Not reachable via modern internet address, or improvement possible (IPv6)
Failed : Domain name not signed (DNSSEC)
Failed : Connection not or insufficiently secured (HTTPS)

and

Content Security Policy: Content Security Policy (CSP) header not implemented
HTTP Strict Transport Security: HTTP Strict Transport Security (HSTS) header not implemented
Referrer Policy: Referrer-Policy header not implemented (optional)
X-Content-Type-Options: X-Content-Type-Options header not implemented
X-Frame-Options: X-Frame-Options (XFO) header not implemented
X-XSS-Protection: X-XSS-Protection header not implemented

More info: https://en.internet.nl/site/demo.directadmin.com/156836/ and https://observatory.mozilla.org/analyze.html?host=demo.directadmin.com

Wouldn't it be great if the demo install would just score 100% and 'A'?
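
As an added example (not part of the original post, and not DirectAdmin or Observatory code), the six header findings listed above can be checked offline against a saved response head. The sample response, the function names and the six-month HSTS threshold are assumptions.

```python
import re

# Constructed sample response head (not captured from any real host).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
x-frame-options: ALLOWALL
"""

MIN_HSTS_MAX_AGE = 15768000  # assumed threshold: six months, in seconds
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def hsts_ok(value):
    """HSTS counts only if max-age parses and is long enough."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_MAX_AGE

# One validity check per header named in the scan output.
CHECKS = {
    "content-security-policy": lambda v: bool(v),  # presence only, no policy grading
    "strict-transport-security": hsts_ok,
    "referrer-policy": lambda v: any(
        t.strip().lower() in REFERRER_POLICIES for t in v.split(",")),
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "x-xss-protection": lambda v: v[:1] in ("0", "1"),
}

def audit(raw):
    """Map each checked header to 'ok', 'invalid' or 'missing'."""
    headers = parse_headers(raw)
    return {name: ("missing" if name not in headers
                   else "ok" if valid(headers[name]) else "invalid")
            for name, valid in CHECKS.items()}
```

A header that is present but ineffective (a five-minute HSTS lifetime, an unrecognised X-Frame-Options value) is reported as `invalid` rather than `ok`, which a presence-only check would miss.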
 
What is your point?
It is just a demo.
Some other control panels (Plesk) don't have an official demo.
cPanel has an online demo and the score is also "bad" https://en.internet.nl/site/demo.cpanel.net/156847/, but again it has nothing to do with the potential of a control panel.

When you use DirectAdmin it is up to you to install it and get a 100% score on your domain/the domain you use for your panel.
 
Some items, like good DKIM, DANE etc. are quite hard. Configuring the demo site correctly can illustrate how you can actually achieve it, as in the demo all settings are also visible.

Never measure yourself on the badness of others, just do it better so they can measure themselves to you.
 
You mean in combination with a kind of how-to documentation?

But these could be very different for a lot of sites / CMSs! (not directly DA related)

Content Security Policy: Content Security Policy (CSP) header not implemented
HTTP Strict Transport Security: HTTP Strict Transport Security (HSTS) header not implemented
Referrer Policy: Referrer-Policy header not implemented (optional)
X-Content-Type-Options: X-Content-Type-Options header not implemented
X-Frame-Options: X-Frame-Options (XFO) header not implemented
X-XSS-Protection: X-XSS-Protection header not implemented

Therefore https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

IPv6 is very hosting dependent.
DNSSEC also.
 
Yup.

And some stuff isn't correct by default yet, such as Let's Encrypt certificates of the mailserver-SSL.
(wishful thinking) If the demo is made 100% all these items will get noticed and fixed.
 
Depends on settings; the real mailserver is normally your server / hostname.
And how you name that mailserver/hostname, MX records and so on, that also depends on the hoster and what possible options and DNS options they have or don't have.


But not everyone is using this real mailserver / hostname in mail settings.

I think it should, while this is how it really is; all other is "virtual" ... and wishful thinking, yes, for that domain holder/user: I have my own mailserver.... ;)

That is how I see that part. Yes, you can get some Dovecot SNI, Exim and other settings kind of virtual for the domain itself, but the box (mail hostname) that is handling it, with the needed reverse PTR for IPv4 and IPv6, is the real one.

There is no (only 1 right) default for that, only maybe more defaults to choose from; you have to set it yourself then with option choices and/or dropdowns...


So more examples with different configs and settings could be right or even wrong on that internet.nl; a lot of "government" and big company sites are not even close to 100%.

I myself don't want to have 100% there, while DNSSEC s...cks; too much risk someone makes a mistake somewhere on the web and ....
https://ianix.com/pub/dnssec-outages.html be very very careful with that and with which companies and technologies you are working with DNSSEC overall....

Even this site now (14-02-2018) has a 503 error; don't know if this is related, but those guys are...
https://dnssec-name-and-shame.com/
Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

They said before on their own site:
Known good examples https://dnssec-name-and-shame.com/

The organizations and companies working with DNSSEC are of course signed - follow their example!

As you can read, even they did have real outage problems as specialists..
https://ianix.com/pub/dnssec-outages/20180125-dnssec-tools.org/
This page gives some details on the dnssec-tools.org DNSSEC outage from January 25 to January 26, 2018.
 