Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 11019, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46780, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.10.2023, 00:00:00 +, Signature-Inception: 19.09.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: net
|
|
net
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 02.10.2023, 14:00:00 +, Signature-Inception: 19.09.2023, 13:00:00 +, KeyTag 11019, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 11019 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 35886, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 39455, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 01.10.2023, 16:28:30 +, Signature-Inception: 16.09.2023, 16:23:30 +, KeyTag 35886, Signer-Name: net
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35886 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest "eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: brianerickson.net
|
|
brianerickson.net
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 24454, DigestType 2 and Digest xo7BeRH/aCb88eAyL62sQpVUt3E9WRi//t4LQwmudOQ=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner brianerickson.net., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 24.09.2023, 06:57:43 +, Signature-Inception: 17.09.2023, 05:47:43 +, KeyTag 39455, Signer-Name: net
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39455 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 24454, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 36698, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner brianerickson.net., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 24454, Signer-Name: brianerickson.net
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 24454 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 24454, DigestType 2 and Digest "xo7BeRH/aCb88eAyL62sQpVUt3E9WRi//t4LQwmudOQ=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 35.208.39.50
Validated: RRSIG-Owner brianerickson.net., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 mx -all
google-site-verification=SSObT9T6Y8TwT2pIj_3k14nW0TX2eXMPI4b9IHf5mTk
Validated: RRSIG-Owner brianerickson.net., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 32773|issueletsencrypt.org
Validated: RRSIG-Owner brianerickson.net., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "brianerickson.net" equal the NSEC-owner "brianerickson.net" and the NextOwner "_dmarc.brianerickson.net". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CDS, CAA Validated: RRSIG-Owner brianerickson.net., Algorithm: 13, 2 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "brianerickson.net" equal the NSEC-owner "brianerickson.net" and the NextOwner "_dmarc.brianerickson.net". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CDS, CAA Validated: RRSIG-Owner brianerickson.net., Algorithm: 13, 2 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.brianerickson.net) sends a valid NSEC RR as result with the owner name brianerickson.net. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "brianerickson.net" and the NextOwner "_dmarc.brianerickson.net". So that NSEC confirms the not-existence of the Wildcard expansion.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CDS, CAA Validated: RRSIG-Owner brianerickson.net., Algorithm: 13, 2 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.brianerickson.net) sends a valid NSEC RR as result with the query name "_443._tcp.brianerickson.net" between the NSEC-owner "srv2._domainkey.brianerickson.net" and the NextOwner "www.brianerickson.net". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.brianerickson.net) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.brianerickson.net" between the NSEC-owner "srv2._domainkey.brianerickson.net" and the NextOwner "www.brianerickson.net". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: TXT, RRSIG, NSEC Validated: RRSIG-Owner srv2._domainkey.brianerickson.net., Algorithm: 13, 4 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
Zone: www.brianerickson.net
|
|
www.brianerickson.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 35.208.39.50
Validated: RRSIG-Owner www.brianerickson.net., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "www.brianerickson.net" equal the NSEC-owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.brianerickson.net., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "www.brianerickson.net" equal the NSEC-owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.brianerickson.net., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "www.brianerickson.net" equal the NSEC-owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.brianerickson.net., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.brianerickson.net) sends a valid NSEC RR as result with the owner name www.brianerickson.net. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.www.brianerickson.net) sends a valid NSEC RR as result with the query name "_443._tcp.www.brianerickson.net" between the NSEC-owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.www.brianerickson.net) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.www.brianerickson.net" between the NSEC-owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.brianerickson.net., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "www.brianerickson.net" equal the NSEC-owner "www.brianerickson.net" and the NextOwner "brianerickson.net". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.brianerickson.net., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 09.10.2023, 01:33:36 +, Signature-Inception: 17.09.2023, 01:33:36 +, KeyTag 36698, Signer-Name: brianerickson.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|