Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46780, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.12.2023, 00:00:00 +, Signature-Inception: 20.11.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: wiki
|
|
wiki
| 2 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 10870, DigestType 2 and Digest PCympovjH9EiLrZqqmk8bEmR5vhzfKYrFCezyePmdTk=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 27157, DigestType 2 and Digest xyR4pJhqUzD7IaLkJ4I1UxMdcMOZ3bz+3uOVEDyoVD0=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner wiki., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 03.12.2023, 22:00:00 +, Signature-Inception: 20.11.2023, 21:00:00 +, KeyTag 46780, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46780 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 10870, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 27157, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 57159, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner wiki., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 20.12.2023, 17:37:54 +, Signature-Inception: 20.11.2023, 17:22:26 +, KeyTag 27157, Signer-Name: wiki
|
|
|
|
|
| RRSIG-Owner wiki., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 20.12.2023, 17:37:54 +, Signature-Inception: 20.11.2023, 17:22:26 +, KeyTag 57159, Signer-Name: wiki
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 27157 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57159 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 27157, DigestType 2 and Digest "xyR4pJhqUzD7IaLkJ4I1UxMdcMOZ3bz+3uOVEDyoVD0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: pco.wiki
|
|
pco.wiki
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 47824, DigestType 2 and Digest rIyy+SFCnpuwKBTRGUaT/vIYtvY+bez1y6qyn/0qP4w=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner pco.wiki., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 20.12.2023, 20:34:43 +, Signature-Inception: 20.11.2023, 19:54:36 +, KeyTag 57159, Signer-Name: wiki
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57159 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 42033, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 47824, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner pco.wiki., Algorithm: 8, 2 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| RRSIG-Owner pco.wiki., Algorithm: 8, 2 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 47824, Signer-Name: pco.wiki
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 42033 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 47824 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 47824, DigestType 2 and Digest "rIyy+SFCnpuwKBTRGUaT/vIYtvY+bez1y6qyn/0qP4w=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 152.228.170.235
Validated: RRSIG-Owner pco.wiki., Algorithm: 8, 2 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: 1|www.pco.wiki
v=spf1 include:mx.ovh.com ~all
Validated: RRSIG-Owner pco.wiki., Algorithm: 8, 2 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "mvup3am014i82kt052qkskgj28tpp704" equal the hashed NSEC3-owner "mvup3am014i82kt052qkskgj28tpp704" and the hashed NextOwner "squjri6oegmaqblqljth86tra482vbu6". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner mvup3am014i82kt052qkskgj28tpp704.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "mvup3am014i82kt052qkskgj28tpp704" equal the hashed NSEC3-owner "mvup3am014i82kt052qkskgj28tpp704" and the hashed NextOwner "squjri6oegmaqblqljth86tra482vbu6". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner mvup3am014i82kt052qkskgj28tpp704.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.pco.wiki) sends a valid NSEC3 RR as result with the hashed owner name "mvup3am014i82kt052qkskgj28tpp704" (unhashed: pco.wiki). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner mvup3am014i82kt052qkskgj28tpp704.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "8iu70uda3a4jrpb4sav6ho05q4kdfr9v" (unhashed: _tcp.pco.wiki) with the owner "squjri6oegmaqblqljth86tra482vbu6" and the NextOwner "mvup3am014i82kt052qkskgj28tpp704". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "hv8c388cevudjg47do8skcqembcj7a5v" (unhashed: *.pco.wiki) with the owner "squjri6oegmaqblqljth86tra482vbu6" and the NextOwner "mvup3am014i82kt052qkskgj28tpp704". So that NSEC3 confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.pco.wiki) sends a valid NSEC3 RR as result with the owner name "squjri6oegmaqblqljth86tra482vbu6" greater the NextOwner-Name "mvup3am014i82kt052qkskgj28tpp704", so the NSEC3 covers the end of the zone. The hashed query name "29vn9r8gmg0flgblb5s985d6a74el5r2" comes before the hashed NextOwner, so the zone confirmes the not-existence of that TLSA RR.
Bitmap: A, MX, TXT, RRSIG Validated: RRSIG-Owner squjri6oegmaqblqljth86tra482vbu6.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "mvup3am014i82kt052qkskgj28tpp704" equal the hashed NSEC3-owner "mvup3am014i82kt052qkskgj28tpp704" and the hashed NextOwner "squjri6oegmaqblqljth86tra482vbu6". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner mvup3am014i82kt052qkskgj28tpp704.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.pco.wiki
|
|
www.pco.wiki
| 0 DS RR in the parent zone found
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 152.228.170.235
Validated: RRSIG-Owner www.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: l|fr
3|welcome
Validated: RRSIG-Owner www.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "squjri6oegmaqblqljth86tra482vbu6" equal the hashed NSEC3-owner "squjri6oegmaqblqljth86tra482vbu6" and the hashed NextOwner "mvup3am014i82kt052qkskgj28tpp704". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, MX, TXT, RRSIG Validated: RRSIG-Owner squjri6oegmaqblqljth86tra482vbu6.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "squjri6oegmaqblqljth86tra482vbu6" equal the hashed NSEC3-owner "squjri6oegmaqblqljth86tra482vbu6" and the hashed NextOwner "mvup3am014i82kt052qkskgj28tpp704". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, MX, TXT, RRSIG Validated: RRSIG-Owner squjri6oegmaqblqljth86tra482vbu6.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.pco.wiki) sends a valid NSEC3 RR as result with the hashed owner name "squjri6oegmaqblqljth86tra482vbu6" (unhashed: www.pco.wiki). So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "eaq7qakuun8uj87i98m3pmdphe8616d3" (unhashed: _tcp.www.pco.wiki) with the owner "squjri6oegmaqblqljth86tra482vbu6" and the NextOwner "mvup3am014i82kt052qkskgj28tpp704". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "hrrefktgbirt8anrh3coaoogdjfu4kp4" (unhashed: *.www.pco.wiki) with the owner "squjri6oegmaqblqljth86tra482vbu6" and the NextOwner "mvup3am014i82kt052qkskgj28tpp704". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, MX, TXT, RRSIG Validated: RRSIG-Owner squjri6oegmaqblqljth86tra482vbu6.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "squjri6oegmaqblqljth86tra482vbu6" equal the hashed NSEC3-owner "squjri6oegmaqblqljth86tra482vbu6" and the hashed NextOwner "mvup3am014i82kt052qkskgj28tpp704". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, MX, TXT, RRSIG Validated: RRSIG-Owner squjri6oegmaqblqljth86tra482vbu6.pco.wiki., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 26.11.2023, 22:52:32 +, Signature-Inception: 27.10.2023, 22:52:32 +, KeyTag 42033, Signer-Name: pco.wiki
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|