Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 33853, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.04.2020, 00:00:00 +, Signature-Inception: 11.03.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 02.04.2020, 17:00:00 +, Signature-Inception: 20.03.2020, 16:00:00 +, KeyTag 33853, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 33853 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 56311, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 31.03.2020, 18:24:21 +, Signature-Inception: 16.03.2020, 18:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 31.03.2020, 18:24:21 +, Signature-Inception: 16.03.2020, 18:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ctemplar.com
|
|
ctemplar.com
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner ctemplar.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 28.03.2020, 05:00:57 +, Signature-Inception: 21.03.2020, 03:50:57 +, KeyTag 56311, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 56311 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner ctemplar.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.04.2020, 22:27:19 +, Signature-Inception: 18.02.2020, 22:27:19 +, KeyTag 2371, Signer-Name: ctemplar.com
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "JYJE/YM1YiSWGt4euehY7Qc2okUwPwbMvNMJw44zAUU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 82.221.128.126
Validated: RRSIG-Owner ctemplar.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 22.03.2020, 09:39:25 +, Signature-Inception: 20.03.2020, 07:39:25 +, KeyTag 34505, Signer-Name: ctemplar.com
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 a mx ~all
Validated: RRSIG-Owner ctemplar.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 22.03.2020, 09:39:25 +, Signature-Inception: 20.03.2020, 07:39:25 +, KeyTag 34505, Signer-Name: ctemplar.com
|
|
|
|
|
| RRSIG Type 52 validates the TLSA - Result (_443._tcp.ctemplar.com): _443._tcp.ctemplar.com: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 079f4c50426cf8c10e87a88ce359c1ecb14105898b278e4b2bb1f61071c362c5
Validated: RRSIG-Owner _443._tcp.ctemplar.com., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 22.03.2020, 09:39:25 +, Signature-Inception: 20.03.2020, 07:39:25 +, KeyTag 34505, Signer-Name: ctemplar.com
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:support@ctemplar.com
5|issuecomodoca.com
5|issuedigicert.com
5|issueletsencrypt.org
9|issuewildcomodoca.com
9|issuewilddigicert.com
9|issuewildletsencrypt.org
Validated: RRSIG-Owner ctemplar.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 22.03.2020, 09:39:25 +, Signature-Inception: 20.03.2020, 07:39:25 +, KeyTag 34505, Signer-Name: ctemplar.com
|
|
|
|
|
| RRSIG Type 47, expiration 2020-03-22 09:39:25 + validates the NSEC RR that proves the not-existence of the CNAME RR. Owner ctemplar.com, NextOwner: \000.ctemplar.com.
Bitmap: A, NS, SOA, 13, MX, TXT, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, HIP, CDS, CDNSKEY, 61, 99, CAA
|
|
|
|
|
| RRSIG Type 47, expiration 2020-03-22 09:39:25 + validates the NSEC RR that proves the not-existence of the AAAA RR. Owner ctemplar.com, NextOwner: \000.ctemplar.com.
Bitmap: A, NS, SOA, 13, MX, TXT, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, HIP, CDS, CDNSKEY, 61, 99, CAA
|
|
|
Zone: www.ctemplar.com
|
|
www.ctemplar.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.ctemplar.com" and the NextOwner "\000.www.ctemplar.com". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, TLSA, HIP, 61, 99, CAA
|