Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59944, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.09.2019, 00:00:00 +, Signature-Inception: 20.08.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: nl
|
|
nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 10.09.2019, 17:00:00 +, Signature-Inception: 28.08.2019, 16:00:00 +, KeyTag 59944, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 17593, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2019, 22:04:06 +, Signature-Inception: 25.08.2019, 22:07:02 +, KeyTag 34112, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: cbs.nl
|
|
cbs.nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 01:28:11 +, Signature-Inception: 21.08.2019, 06:08:02 +, KeyTag 17593, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17593 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 4 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26180, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30174, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 51505, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59260, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 26180, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 14:40:20 +, Signature-Inception: 28.08.2019, 13:40:20 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26180 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30174 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26180, DigestType 2 and Digest "RRbzgwj8qMJpDNjJmoAJhX55+Mw3Wx8RuGh05CMiH1I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.63.20.44
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: MS=ms84063695
MS=FD936BDBA3E8034A3C49BD3B5D6D4AC48E42B64E
804bc80c-cca6-4d27-b5ae-e4ffb0f082a2-04072018
v=spf1 mx include:_spf_mx.solvinity.com include:_spf.salesforce.com include:spf.afas.online -all
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A00:1558:2807:0001:0000:0000:B93F:142C
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 52 validates the TLSA - Result (_443._tcp.cbs.nl): _443._tcp.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6
Validated: RRSIG-Owner _443._tcp.cbs.nl., Algorithm: 8, 4 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:rpgr@cbs.nl
5|issueletsencrypt.org
5|issuepkioverheid.nl
5|issuequovadisglobal.com
Validated: RRSIG-Owner cbs.nl., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA
|
|
|
Zone: www.cbs.nl
|
|
www.cbs.nl
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vhqrhvliaed1pj93338vkp9kdotr9rv1" between the hashed NSEC3-owner "vhqrhvliaed1pj93338vkp9kdotr9rv1" and the hashed NextOwner "vi85n7nkh90t7pc61biaid6gmr542331". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner vhqrhvliaed1pj93338vkp9kdotr9rv1.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.63.20.44
Validated: RRSIG-Owner www.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A00:1558:2807:0001:0000:0000:B93F:142C
Validated: RRSIG-Owner www.cbs.nl., Algorithm: 8, 3 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 52 validates the TLSA - Result (_443._tcp.www.cbs.nl): _443._tcp.www.cbs.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: d7522bd2b54b4e45aca32bbfa9fb93bd0329493848b477003b85a1f6169782d6
Validated: RRSIG-Owner _443._tcp.www.cbs.nl., Algorithm: 8, 5 Labels, original TTL: 7200 sec, Signature-expiration: 04.09.2019, 02:39:49 +, Signature-Inception: 25.08.2019, 01:39:49 +, KeyTag 30174, Signer-Name: cbs.nl
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, AAAA, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, AAAA, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-04 02:39:49 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, AAAA, RRSIG
|