Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 951, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 23.03.2023, 00:00:00 +, Signature-Inception: 02.03.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.03.2023, 05:00:00 +, Signature-Inception: 09.03.2023, 04:00:00 +, KeyTag 951, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 951 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 36739, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 16.03.2023, 18:24:21 +, Signature-Inception: 01.03.2023, 18:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: deathshares.com
|
|
deathshares.com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest veBSB+nV+zfZ1A21jsN3ODA/wVCSAYHG1mAa4YXT84c=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner deathshares.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 13.03.2023, 17:22:35 +, Signature-Inception: 06.03.2023, 17:12:35 +, KeyTag 36739, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 36739 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner deathshares.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 05.05.2023, 18:17:33 +, Signature-Inception: 05.03.2023, 18:17:33 +, KeyTag 2371, Signer-Name: deathshares.com
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "veBSB+nV+zfZ1A21jsN3ODA/wVCSAYHG1mAa4YXT84c=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 104.21.13.115
172.67.167.237
Validated: RRSIG-Owner deathshares.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 10.03.2023, 11:12:19 +, Signature-Inception: 08.03.2023, 09:12:19 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 include:_spf.mx.cloudflare.net ~all
google-site-verification=h78lZkz2lOS4BmUFDc5yr8sbWFBfUXQElaNPStxGOBI
Validated: RRSIG-Owner deathshares.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 10.03.2023, 11:12:20 +, Signature-Inception: 08.03.2023, 09:12:20 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2606:4700:3035:0000:0000:0000:6815:0D73
2606:4700:3037:0000:0000:0000:AC43:A7ED
Validated: RRSIG-Owner deathshares.com., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 10.03.2023, 11:12:20 +, Signature-Inception: 08.03.2023, 09:12:20 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|issuecomodoca.com
5|issuedigicert.com; cansignhttpexchanges=yes
5|issueletsencrypt.org
5|issuepki.goog; cansignhttpexchanges=yes
9|issuewildcomodoca.com
9|issuewilddigicert.com; cansignhttpexchanges=yes
9|issuewildletsencrypt.org
9|issuewildpki.goog; cansignhttpexchanges=yes
Validated: RRSIG-Owner deathshares.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 10.03.2023, 11:12:20 +, Signature-Inception: 08.03.2023, 09:12:20 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "deathshares.com" equal the NSEC-owner "deathshares.com" and the NextOwner "\000.deathshares.com". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, 53, HIP, CDS, CDNSKEY, 61, 64, 65, URI, CAA Validated: RRSIG-Owner deathshares.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 10.03.2023, 11:12:19 +, Signature-Inception: 08.03.2023, 09:12:19 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.deathshares.com) sends a valid NSEC RR as result with the query name "_443._tcp.deathshares.com" equal the NSEC-owner "_443._tcp.deathshares.com" and the NextOwner "\000._443._tcp.deathshares.com". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner _443._tcp.deathshares.com., Algorithm: 13, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.03.2023, 11:12:19 +, Signature-Inception: 08.03.2023, 09:12:19 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.deathshares.com
|
|
www.deathshares.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.deathshares.com" and the NextOwner "\000.www.deathshares.com". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 104.21.13.115
172.67.167.237
Validated: RRSIG-Owner www.deathshares.com., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 10.03.2023, 11:12:20 +, Signature-Inception: 08.03.2023, 09:12:20 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2606:4700:3035:0000:0000:0000:6815:0D73
2606:4700:3037:0000:0000:0000:AC43:A7ED
Validated: RRSIG-Owner www.deathshares.com., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 10.03.2023, 11:12:20 +, Signature-Inception: 08.03.2023, 09:12:20 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "www.deathshares.com" equal the NSEC-owner "www.deathshares.com" and the NextOwner "\000.www.deathshares.com". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.deathshares.com., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.03.2023, 11:12:20 +, Signature-Inception: 08.03.2023, 09:12:20 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "www.deathshares.com" equal the NSEC-owner "www.deathshares.com" and the NextOwner "\000.www.deathshares.com". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.deathshares.com., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.03.2023, 11:12:21 +, Signature-Inception: 08.03.2023, 09:12:21 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.deathshares.com) sends a valid NSEC RR as result with the query name "_443._tcp.www.deathshares.com" equal the NSEC-owner "_443._tcp.www.deathshares.com" and the NextOwner "\000._443._tcp.www.deathshares.com". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC Validated: RRSIG-Owner _443._tcp.www.deathshares.com., Algorithm: 13, 5 Labels, original TTL: 3600 sec, Signature-expiration: 10.03.2023, 11:12:20 +, Signature-Inception: 08.03.2023, 09:12:20 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "www.deathshares.com" equal the NSEC-owner "www.deathshares.com" and the NextOwner "\000.www.deathshares.com". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner www.deathshares.com., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.03.2023, 11:12:21 +, Signature-Inception: 08.03.2023, 09:12:21 +, KeyTag 34505, Signer-Name: deathshares.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|