by colmmacc 1038 days ago
This is an odd set of tests.

Apart from the negative cache value, none of the numbers in an SOA record matter at all unless you're doing very old-school secondary DNS setups with AXFR/IXFR, usually with BIND or maybe NSD. That's rare these days, and not very secure. You really shouldn't use that.

A TTL of 30 minutes is a terrible idea if you're using DNS for failover with health checks, or load balancing, and a negative cache value of 30 minutes also seems unnecessarily long. That's a long time to have people impacted by a mistakenly deleted record.

The CD bit being set or not doesn't matter if you're not using DNSSEC. Though it's probably worth getting the bit correct.
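
An added example, not part of the comment above: a small Python check that parses an SOA record as `dig` prints it and works out how long a negative answer (such as one for a mistakenly deleted record) stays cached, which under RFC 2308 is the lower of the SOA record's own TTL and its MINIMUM field. The function names, the 300-second review threshold and the sample record are assumptions made for illustration.

```python
import re

# Time-unit suffixes accepted in BIND-style zone files (30m, 1h, 1w ...).
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert '1800', '30m' or '1h30m' to seconds."""
    if value.isdigit():
        return int(value)
    low = value.lower()
    parts = re.findall(r"(\d+)([smhdw])", low)
    if not parts or "".join(n + u for n, u in parts) != low:
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def parse_soa(line):
    """Parse one SOA record: owner TTL class SOA mname rname + 5 numbers."""
    tokens = line.replace("(", " ").replace(")", " ").split()
    if len(tokens) != 11 or tokens[3].upper() != "SOA":
        raise ValueError("expected owner TTL class SOA mname rname "
                         "serial refresh retry expire minimum")
    soa = {"owner": tokens[0], "ttl": to_seconds(tokens[1]),
           "mname": tokens[4], "rname": tokens[5], "serial": int(tokens[6])}
    for name, tok in zip(("refresh", "retry", "expire", "minimum"), tokens[7:]):
        soa[name] = to_seconds(tok)
    return soa

def negative_ttl(soa):
    """RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa["ttl"], soa["minimum"])

def review(line, max_negative=300):
    """Report the effective negative-cache time; max_negative is an assumed limit."""
    soa = parse_soa(line)
    neg = negative_ttl(soa)
    return {
        "negative_ttl": neg,
        "too_long": neg > max_negative,
        # These fields are only consulted by AXFR/IXFR secondaries.
        "transfer_only": {k: soa[k] for k in ("serial", "refresh", "retry", "expire")},
    }

# Constructed sample record (not taken from any real zone).
SAMPLE = ("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. "
          "2024010101 7200 900 1209600 30m")

if __name__ == "__main__":
    print(review(SAMPLE))
```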