Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61050, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.11.2024, 00:00:00 +, Signature-Inception: 11.10.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: edu
|
|
edu
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 35663, DigestType 2 and Digest ouFhQpGDGkdGtaxStLNFNXaHJx6FNTCCdB8c89BqTB0=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner edu., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.10.2024, 05:00:00 +, Signature-Inception: 11.10.2024, 04:00:00 +, KeyTag 61050, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 61050 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 26800, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 30299, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 35663, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner edu., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.10.2024, 15:11:14 +, Signature-Inception: 02.10.2024, 15:06:14 +, KeyTag 35663, Signer-Name: edu
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 35663 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 35663, DigestType 2 and Digest "ouFhQpGDGkdGtaxStLNFNXaHJx6FNTCCdB8c89BqTB0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: upenn.edu
|
|
upenn.edu
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 17409, DigestType 2 and Digest 3pRbfIXQXhYbkYVPaLRP+DQE8rRDWeKGh73q1sZL1r4=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner upenn.edu., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 18.10.2024, 03:12:38 +, Signature-Inception: 11.10.2024, 02:02:38 +, KeyTag 30299, Signer-Name: edu
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 30299 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 17409, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 39112, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 53469, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner upenn.edu., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 01.11.2024, 19:49:55 +, Signature-Inception: 02.10.2024, 19:37:57 +, KeyTag 17409, Signer-Name: upenn.edu
|
|
|
|
|
| RRSIG-Owner upenn.edu., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 01.11.2024, 19:49:55 +, Signature-Inception: 02.10.2024, 19:37:57 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 17409 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 53469 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 17409, DigestType 2 and Digest "3pRbfIXQXhYbkYVPaLRP+DQE8rRDWeKGh73q1sZL1r4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: seas.upenn.edu
|
|
seas.upenn.edu
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "seas.upenn.edu" and the NextOwner "080-STM-1.seas.upenn.edu". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, MX, TXT, RRSIG, NSEC
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: nanoquant.seas.upenn.edu
|
|
nanoquant.seas.upenn.edu
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, MX, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 5 validates the CNAME - Result: alliance-vhosts.seas.upenn.edu
Validated: RRSIG-Owner nanoquant.seas.upenn.edu., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 28.10.2024, 17:25:30 +, Signature-Inception: 28.09.2024, 16:27:47 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
Zone: ampere.nanoquant.seas.upenn.edu
|
|
ampere.nanoquant.seas.upenn.edu
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 158.130.74.89
Validated: RRSIG-Owner ampere.nanoquant.seas.upenn.edu., Algorithm: 13, 5 Labels, original TTL: 86400 sec, Signature-expiration: 31.10.2024, 17:42:58 +, Signature-Inception: 01.10.2024, 17:15:07 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "ampere.nanoquant.seas.upenn.edu" equal the NSEC-owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner ampere.nanoquant.seas.upenn.edu., Algorithm: 13, 5 Labels, original TTL: 600 sec, Signature-expiration: 28.10.2024, 11:48:52 +, Signature-Inception: 28.09.2024, 10:50:47 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "ampere.nanoquant.seas.upenn.edu" equal the NSEC-owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner ampere.nanoquant.seas.upenn.edu., Algorithm: 13, 5 Labels, original TTL: 600 sec, Signature-expiration: 28.10.2024, 11:48:52 +, Signature-Inception: 28.09.2024, 10:50:47 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "ampere.nanoquant.seas.upenn.edu" equal the NSEC-owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner ampere.nanoquant.seas.upenn.edu., Algorithm: 13, 5 Labels, original TTL: 600 sec, Signature-expiration: 28.10.2024, 11:48:52 +, Signature-Inception: 28.09.2024, 10:50:47 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.ampere.nanoquant.seas.upenn.edu) sends a valid NSEC RR as result with the owner name ampere.nanoquant.seas.upenn.edu. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.ampere.nanoquant.seas.upenn.edu) sends a valid NSEC RR as result with the query name "_443._tcp.ampere.nanoquant.seas.upenn.edu" between the NSEC-owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.ampere.nanoquant.seas.upenn.edu) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.ampere.nanoquant.seas.upenn.edu" between the NSEC-owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner ampere.nanoquant.seas.upenn.edu., Algorithm: 13, 5 Labels, original TTL: 600 sec, Signature-expiration: 28.10.2024, 11:48:52 +, Signature-Inception: 28.09.2024, 10:50:47 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "ampere.nanoquant.seas.upenn.edu" equal the NSEC-owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner ampere.nanoquant.seas.upenn.edu., Algorithm: 13, 5 Labels, original TTL: 600 sec, Signature-expiration: 28.10.2024, 11:48:52 +, Signature-Inception: 28.09.2024, 10:50:47 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.ampere.nanoquant.seas.upenn.edu
|
|
www.ampere.nanoquant.seas.upenn.edu
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "ampere.nanoquant.seas.upenn.edu" and the NextOwner "awg7102.nanoquant.seas.upenn.edu". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, RRSIG, NSEC
|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61050, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.11.2024, 00:00:00 +, Signature-Inception: 11.10.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: edu
|
|
edu
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 35663, DigestType 2 and Digest ouFhQpGDGkdGtaxStLNFNXaHJx6FNTCCdB8c89BqTB0=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner edu., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.10.2024, 05:00:00 +, Signature-Inception: 11.10.2024, 04:00:00 +, KeyTag 61050, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 61050 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 26800, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 30299, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 35663, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner edu., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.10.2024, 15:11:14 +, Signature-Inception: 02.10.2024, 15:06:14 +, KeyTag 35663, Signer-Name: edu
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 35663 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 35663, DigestType 2 and Digest "ouFhQpGDGkdGtaxStLNFNXaHJx6FNTCCdB8c89BqTB0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: upenn.edu
|
|
upenn.edu
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 17409, DigestType 2 and Digest 3pRbfIXQXhYbkYVPaLRP+DQE8rRDWeKGh73q1sZL1r4=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner upenn.edu., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 18.10.2024, 03:12:38 +, Signature-Inception: 11.10.2024, 02:02:38 +, KeyTag 30299, Signer-Name: edu
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 30299 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 17409, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 39112, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 53469, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner upenn.edu., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 01.11.2024, 19:49:55 +, Signature-Inception: 02.10.2024, 19:37:57 +, KeyTag 17409, Signer-Name: upenn.edu
|
|
|
|
|
| RRSIG-Owner upenn.edu., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 01.11.2024, 19:49:55 +, Signature-Inception: 02.10.2024, 19:37:57 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 17409 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 53469 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 17409, DigestType 2 and Digest "3pRbfIXQXhYbkYVPaLRP+DQE8rRDWeKGh73q1sZL1r4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: seas.upenn.edu
|
|
seas.upenn.edu
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "seas.upenn.edu" and the NextOwner "080-STM-1.seas.upenn.edu". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, MX, TXT, RRSIG, NSEC
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: alliance-vhosts.seas.upenn.edu
|
|
alliance-vhosts.seas.upenn.edu
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, MX, RRSIG, NSEC
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 158.130.67.172
Validated: RRSIG-Owner alliance-vhosts.seas.upenn.edu., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 19.10.2024, 08:11:30 +, Signature-Inception: 19.09.2024, 07:51:57 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "alliance-vhosts.seas.upenn.edu" equal the NSEC-owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, MX, RRSIG, NSEC Validated: RRSIG-Owner alliance-vhosts.seas.upenn.edu., Algorithm: 13, 4 Labels, original TTL: 600 sec, Signature-expiration: 08.11.2024, 15:01:52 +, Signature-Inception: 09.10.2024, 14:55:32 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "alliance-vhosts.seas.upenn.edu" equal the NSEC-owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, MX, RRSIG, NSEC Validated: RRSIG-Owner alliance-vhosts.seas.upenn.edu., Algorithm: 13, 4 Labels, original TTL: 600 sec, Signature-expiration: 08.11.2024, 15:01:52 +, Signature-Inception: 09.10.2024, 14:55:32 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "alliance-vhosts.seas.upenn.edu" equal the NSEC-owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, MX, RRSIG, NSEC Validated: RRSIG-Owner alliance-vhosts.seas.upenn.edu., Algorithm: 13, 4 Labels, original TTL: 600 sec, Signature-expiration: 08.11.2024, 15:01:52 +, Signature-Inception: 09.10.2024, 14:55:32 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.alliance-vhosts.seas.upenn.edu) sends a valid NSEC RR as result with the owner name alliance-vhosts.seas.upenn.edu. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.alliance-vhosts.seas.upenn.edu) sends a valid NSEC RR as result with the query name "_443._tcp.alliance-vhosts.seas.upenn.edu" between the NSEC-owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.alliance-vhosts.seas.upenn.edu) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.alliance-vhosts.seas.upenn.edu" between the NSEC-owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: A, MX, RRSIG, NSEC Validated: RRSIG-Owner alliance-vhosts.seas.upenn.edu., Algorithm: 13, 4 Labels, original TTL: 600 sec, Signature-expiration: 08.11.2024, 15:01:52 +, Signature-Inception: 09.10.2024, 14:55:32 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "alliance-vhosts.seas.upenn.edu" equal the NSEC-owner "alliance-vhosts.seas.upenn.edu" and the NextOwner "altair.seas.upenn.edu". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, MX, RRSIG, NSEC Validated: RRSIG-Owner alliance-vhosts.seas.upenn.edu., Algorithm: 13, 4 Labels, original TTL: 600 sec, Signature-expiration: 08.11.2024, 15:01:52 +, Signature-Inception: 09.10.2024, 14:55:32 +, KeyTag 53469, Signer-Name: upenn.edu
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|