Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26838, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.08.2021, 00:00:00 +, Signature-Inception: 21.07.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: nl
|
|
nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 08.08.2021, 05:00:00 +, Signature-Inception: 26.07.2021, 04:00:00 +, KeyTag 26838, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26838 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30171, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 03.08.2021, 11:14:27 +, Signature-Inception: 20.07.2021, 16:08:31 +, KeyTag 34112, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: edubadges.nl
|
|
edubadges.nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 41065, DigestType 2 and Digest wgqyeUWrjdekPaC4veiZkn3QTwgeDMDHtsdDya8250k=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner edubadges.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 02.08.2021, 07:18:48 +, Signature-Inception: 18.07.2021, 18:38:34 +, KeyTag 30171, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30171 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 41065, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner edubadges.nl., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.08.2021, 12:48:01 +, Signature-Inception: 21.07.2021, 11:18:01 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 41065 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 41065, DigestType 2 and Digest "wgqyeUWrjdekPaC4veiZkn3QTwgeDMDHtsdDya8250k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: api-demo.edubadges.nl
|
|
api-demo.edubadges.nl
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "3iecr8phtis1jhricq44a8j4o5u38pmn" between the hashed NSEC3-owner "3iecr8phtis1jhricq44a8j4o5u38pmn" and the hashed NextOwner "45nrinj4jol0ngm0if1gu8j15r95nhut". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 3iecr8phtis1jhricq44a8j4o5u38pmn.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 145.100.189.195
Validated: RRSIG-Owner api-demo.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 90 sec, Signature-expiration: 05.08.2021, 14:52:45 +, Signature-Inception: 22.07.2021, 13:22:45 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:0610:0188:0460:0145:0100:0189:0195
Validated: RRSIG-Owner api-demo.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 90 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "3iecr8phtis1jhricq44a8j4o5u38pmn" equal the hashed NSEC3-owner "3iecr8phtis1jhricq44a8j4o5u38pmn" and the hashed NextOwner "45nrinj4jol0ngm0if1gu8j15r95nhut". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 3iecr8phtis1jhricq44a8j4o5u38pmn.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "3iecr8phtis1jhricq44a8j4o5u38pmn" equal the hashed NSEC3-owner "3iecr8phtis1jhricq44a8j4o5u38pmn" and the hashed NextOwner "45nrinj4jol0ngm0if1gu8j15r95nhut". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 3iecr8phtis1jhricq44a8j4o5u38pmn.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.api-demo.edubadges.nl) sends a valid NSEC3 RR as result with the hashed owner name "3iecr8phtis1jhricq44a8j4o5u38pmn" (unhashed: api-demo.edubadges.nl). So that's the Closest Encloser of the query name.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 3iecr8phtis1jhricq44a8j4o5u38pmn.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "blissse1oscst6di7us7ck211ivdanq9" (unhashed: _tcp.api-demo.edubadges.nl) with the owner "b6r91hnj6tfuu60ra1v8m43oq2c7bp25" and the NextOwner "bqp70cv6icev3562kt9qfnnggal2q2qi". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner b6r91hnj6tfuu60ra1v8m43oq2c7bp25.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 14:52:45 +, Signature-Inception: 22.07.2021, 13:22:45 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "aa5ccplkiv0i2sdqd590l2g6dp20f7i8" (unhashed: *.api-demo.edubadges.nl) with the owner "9c19pgbh1c43ce75mcb1ss1p2le4gt6s" and the NextOwner "b6r91hnj6tfuu60ra1v8m43oq2c7bp25". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 9c19pgbh1c43ce75mcb1ss1p2le4gt6s.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "3iecr8phtis1jhricq44a8j4o5u38pmn" equal the hashed NSEC3-owner "3iecr8phtis1jhricq44a8j4o5u38pmn" and the hashed NextOwner "45nrinj4jol0ngm0if1gu8j15r95nhut". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 3iecr8phtis1jhricq44a8j4o5u38pmn.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.api-demo.edubadges.nl
|
|
www.api-demo.edubadges.nl
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "emmll76396aeaoi52ier6tcsb3oncl0p" between the hashed NSEC3-owner "d70kap195nh5fsdmbdrarp801hst9ppr" and the hashed NextOwner "etnt5bbueqk55eb0c9lmo673fr57to31". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner d70kap195nh5fsdmbdrarp801hst9ppr.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "3iecr8phtis1jhricq44a8j4o5u38pmn" as Owner. That's the Hash of "api-demo.edubadges.nl" with the NextHashedOwnerName "45nrinj4jol0ngm0if1gu8j15r95nhut". So that domain name is the Closest Encloser of "www.api-demo.edubadges.nl". Opt-Out: False.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 3iecr8phtis1jhricq44a8j4o5u38pmn.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|
|
|
|
|
| The ClosestEncloser says, that "*.api-demo.edubadges.nl" with the Hash "aa5ccplkiv0i2sdqd590l2g6dp20f7i8" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "9c19pgbh1c43ce75mcb1ss1p2le4gt6s" and the Next Owner "b6r91hnj6tfuu60ra1v8m43oq2c7bp25", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 9c19pgbh1c43ce75mcb1ss1p2le4gt6s.edubadges.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 12:17:30 +, Signature-Inception: 22.07.2021, 10:47:30 +, KeyTag 41065, Signer-Name: edubadges.nl
|