Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61050, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.11.2024, 00:00:00 +, Signature-Inception: 21.10.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: gr
|
|
gr
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 13987, DigestType 2 and Digest /4fpIF+I4dMsZ6Zb1hxoxWaJxgfXaE0SyGfckz1Ubsg=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner gr., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.11.2024, 05:00:00 +, Signature-Inception: 30.10.2024, 04:00:00 +, KeyTag 61050, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 61050 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 13987, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 45264, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner gr., Algorithm: 8, 1 Labels, original TTL: 10800 sec, Signature-expiration: 29.11.2024, 06:01:46 +, Signature-Inception: 30.10.2024, 06:01:46 +, KeyTag 13987, Signer-Name: gr
|
|
|
|
|
| RRSIG-Owner gr., Algorithm: 8, 1 Labels, original TTL: 10800 sec, Signature-expiration: 29.11.2024, 06:01:46 +, Signature-Inception: 30.10.2024, 06:01:46 +, KeyTag 45264, Signer-Name: gr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 13987 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 45264 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 13987, DigestType 2 and Digest "/4fpIF+I4dMsZ6Zb1hxoxWaJxgfXaE0SyGfckz1Ubsg=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: everypay.gr
|
|
everypay.gr
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "gn0g1f1n7ggtuthv710s4p55kls6v49n" between the hashed NSEC3-owner "gmn3ogdh8jjed0ri4l0akur3k9m0o12d" and the hashed NextOwner "gn8k7u6tgpueue7nguqa9u47msjk2t2i". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner gmn3ogdh8jjed0ri4l0akur3k9m0o12d.gr., Algorithm: 8, 2 Labels, original TTL: 1800 sec, Signature-expiration: 29.11.2024, 06:01:46 +, Signature-Inception: 30.10.2024, 06:01:46 +, KeyTag 45264, Signer-Name: gr
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "e5housd976jc4sbdh69jcejib7h0fh77" as Owner. That's the Hash of "gr" with the NextHashedOwnerName "e5qu2mgg8pgvs03p2emv8enlospbp2h0". So that domain name is the Closest Encloser of "everypay.gr". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner e5housd976jc4sbdh69jcejib7h0fh77.gr., Algorithm: 8, 2 Labels, original TTL: 1800 sec, Signature-expiration: 29.11.2024, 06:01:46 +, Signature-Inception: 30.10.2024, 06:01:46 +, KeyTag 45264, Signer-Name: gr
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: api.everypay.gr
|
|
api.everypay.gr
| 0 DS RR in the parent zone found
|
|
|
Zone: www.api.everypay.gr
|
|
www.api.everypay.gr
| 0 DS RR in the parent zone found
|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61050, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.11.2024, 00:00:00 +, Signature-Inception: 21.10.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: net
|
|
net
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.11.2024, 05:00:00 +, Signature-Inception: 30.10.2024, 04:00:00 +, KeyTag 61050, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 61050 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 31059, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 37331, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner net., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2024, 14:10:35 +, Signature-Inception: 24.10.2024, 14:05:35 +, KeyTag 37331, Signer-Name: net
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 37331 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 37331, DigestType 2 and Digest "LwvsLW95370dCP0ho6+S0OOaS57x4/QRH/8oJJDaRTs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: cloudflare.net
|
|
cloudflare.net
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest kPcQoQfaUe14El0wpocEzzwDCK/QG/zXBX1L0Dtixos=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner cloudflare.net., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 06.11.2024, 02:56:11 +, Signature-Inception: 30.10.2024, 01:46:11 +, KeyTag 31059, Signer-Name: net
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 31059 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner cloudflare.net., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 23.12.2024, 08:03:37 +, Signature-Inception: 23.10.2024, 08:03:37 +, KeyTag 2371, Signer-Name: cloudflare.net
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "kPcQoQfaUe14El0wpocEzzwDCK/QG/zXBX1L0Dtixos=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: cdn.cloudflare.net
|
|
cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "cdn.cloudflare.net" and the NextOwner "\000.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: gr.cdn.cloudflare.net
|
|
gr.cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "gr.cdn.cloudflare.net" and the NextOwner "\000.gr.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: everypay.gr.cdn.cloudflare.net
|
|
everypay.gr.cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "everypay.gr.cdn.cloudflare.net" and the NextOwner "\000.everypay.gr.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: api.everypay.gr.cdn.cloudflare.net
|
|
api.everypay.gr.cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "api.everypay.gr.cdn.cloudflare.net" and the NextOwner "\000.api.everypay.gr.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 104.18.20.176
104.18.21.176
Validated: RRSIG-Owner api.everypay.gr.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 300 sec, Signature-expiration: 31.10.2024, 10:01:34 +, Signature-Inception: 29.10.2024, 08:01:34 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2606:4700:0000:0000:0000:0000:6812:14B0
2606:4700:0000:0000:0000:0000:6812:15B0
Validated: RRSIG-Owner api.everypay.gr.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 300 sec, Signature-expiration: 31.10.2024, 10:01:35 +, Signature-Inception: 29.10.2024, 08:01:35 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "api.everypay.gr.cdn.cloudflare.net" equal the NSEC-owner "api.everypay.gr.cdn.cloudflare.net" and the NextOwner "\000.api.everypay.gr.cdn.cloudflare.net". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner api.everypay.gr.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 1800 sec, Signature-expiration: 31.10.2024, 10:01:34 +, Signature-Inception: 29.10.2024, 08:01:34 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "api.everypay.gr.cdn.cloudflare.net" equal the NSEC-owner "api.everypay.gr.cdn.cloudflare.net" and the NextOwner "\000.api.everypay.gr.cdn.cloudflare.net". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner api.everypay.gr.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 1800 sec, Signature-expiration: 31.10.2024, 10:01:35 +, Signature-Inception: 29.10.2024, 08:01:35 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.api.everypay.gr.cdn.cloudflare.net) sends a valid NSEC RR as result with the query name "_443._tcp.api.everypay.gr.cdn.cloudflare.net" equal the NSEC-owner "_443._tcp.api.everypay.gr.cdn.cloudflare.net" and the NextOwner "\000._443._tcp.api.everypay.gr.cdn.cloudflare.net". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner _443._tcp.api.everypay.gr.cdn.cloudflare.net., Algorithm: 13, 8 Labels, original TTL: 1800 sec, Signature-expiration: 31.10.2024, 10:01:35 +, Signature-Inception: 29.10.2024, 08:01:35 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "api.everypay.gr.cdn.cloudflare.net" equal the NSEC-owner "api.everypay.gr.cdn.cloudflare.net" and the NextOwner "\000.api.everypay.gr.cdn.cloudflare.net". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner api.everypay.gr.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 1800 sec, Signature-expiration: 31.10.2024, 10:01:35 +, Signature-Inception: 29.10.2024, 08:01:35 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|