Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 25266, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59944, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.07.2019, 00:00:00 +, Signature-Inception: 20.06.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: gov
|
|
gov
| 2 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 06.07.2019, 17:00:00 +, Signature-Inception: 23.06.2019, 16:00:00 +, KeyTag 25266, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 7698, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 43583, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 01.07.2019, 21:47:31 +, Signature-Inception: 16.06.2019, 21:42:31 +, KeyTag 7698, Signer-Name: gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7698 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 1 and Digest "bxCbRqgM6pYT3IbVo+BlUgUFqv4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 2 and Digest "a8lJ5jhELq0L2vCTV2PI0AN2A4T/Feu9XOhrtVWVYfA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: state.gov
|
|
state.gov
| 2 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner state.gov., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 30.06.2019, 22:10:07 +, Signature-Inception: 23.06.2019, 22:10:07 +, KeyTag 43583, Signer-Name: gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 43583 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 38118, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 48070, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61654, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner state.gov., Algorithm: 8, 2 Labels, original TTL: 15768000 sec, Signature-expiration: 10.06.2020, 13:52:10 +, Signature-Inception: 11.06.2019, 13:14:32 +, KeyTag 38118, Signer-Name: state.gov
|
|
|
|
|
| RRSIG-Owner state.gov., Algorithm: 8, 2 Labels, original TTL: 15768000 sec, Signature-expiration: 10.06.2020, 13:52:10 +, Signature-Inception: 11.06.2019, 13:14:32 +, KeyTag 48070, Signer-Name: state.gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 38118 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48070 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 48070, DigestType 1 and Digest "soYnecVbVxpHpYR+qM2d0tRUKL0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 48070, DigestType 2 and Digest "o56pSsitVkmvppgFyuUntNmnAMQSWf+u3QSAO5gySPk=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: alumni.state.gov
|
|
alumni.state.gov
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vksgpdc9uuj11rmp8mpp8bek42a4pa4d" between the hashed NSEC3-owner "vksgpdc9uuj11rmp8mpp8bek42a4pa4d" and the hashed NextOwner "vl0pgdomu786ik0l2h322o4e3dv8o4qu". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, MX, TXT, RRSIG Validated: RRSIG-Owner vksgpdc9uuj11rmp8mpp8bek42a4pa4d.state.gov., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 05.06.2020, 15:14:24 +, Signature-Inception: 06.06.2019, 14:49:03 +, KeyTag 38118, Signer-Name: state.gov
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 192.255.48.214
Validated: RRSIG-Owner alumni.state.gov., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 05.06.2020, 15:32:10 +, Signature-Inception: 06.06.2019, 14:49:24 +, KeyTag 38118, Signer-Name: state.gov
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 mx a:alumni.state.gov. -all
Validated: RRSIG-Owner alumni.state.gov., Algorithm: 8, 3 Labels, original TTL: 10800 sec, Signature-expiration: 05.06.2020, 14:56:09 +, Signature-Inception: 06.06.2019, 14:49:23 +, KeyTag 38118, Signer-Name: state.gov
|
|
|
|
|
| RRSIG Type 50, expiration 2020-06-05 15:14:24 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, MX, TXT, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-06-05 15:14:24 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, MX, TXT, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-06-05 15:41:51 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-06-05 15:14:24 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, MX, TXT, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-06-05 15:14:24 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, MX, TXT, RRSIG
|
|
|
Zone: www.alumni.state.gov
|
|
www.alumni.state.gov
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "i9jvsanqibbusbtsfc7cpvnukokaudhv" between the hashed NSEC3-owner "i8rbrnu938e8ek5hpbbtaaedkughb7gg" and the hashed NextOwner "i9n7lakh89qrca6q5ivns8kgsvltt9oj". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner i8rbrnu938e8ek5hpbbtaaedkughb7gg.state.gov., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 05.06.2020, 15:18:34 +, Signature-Inception: 06.06.2019, 14:49:30 +, KeyTag 38118, Signer-Name: state.gov
|