Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 14631, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.05.2021, 00:00:00 +, Signature-Inception: 01.05.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: de
|
|
de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 45580, DigestType 2 and Digest kYwy4vEiEXZr5iJmdPRHRY8iWbmg2HtE0p1Vr+ymsuE=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.05.2021, 20:00:00 +, Signature-Inception: 10.05.2021, 19:00:00 +, KeyTag 14631, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14631 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 31965, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 45580, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 20.05.2021, 08:44:34 +, Signature-Inception: 06.05.2021, 07:14:34 +, KeyTag 45580, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 45580 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 45580, DigestType 2 and Digest "kYwy4vEiEXZr5iJmdPRHRY8iWbmg2HtE0p1Vr+ymsuE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: georg-ledermann.de
|
|
georg-ledermann.de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 15090, DigestType 2 and Digest 0OQLw39mPVowIJyRlActrWr8zB1UvrOurtbt5mj4ML0=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner georg-ledermann.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.05.2021, 08:44:34 +, Signature-Inception: 06.05.2021, 07:14:34 +, KeyTag 31965, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 31965 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 15090, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner georg-ledermann.de., Algorithm: 13, 2 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 15090 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 15090, DigestType 2 and Digest "0OQLw39mPVowIJyRlActrWr8zB1UvrOurtbt5mj4ML0=" validates local Key with the same values
|
|
|
Zone: docker-rails.georg-ledermann.de
|
|
docker-rails.georg-ledermann.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "6ncc3jot6gfo6o40kjuue77dtbtbui1l" between the hashed NSEC3-owner "6ncc3jot6gfo6o40kjuue77dtbtbui1l" and the hashed NextOwner "6ncc3jot6gfo6o40kjuue77dtbtbui1m". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner 6ncc3jot6gfo6o40kjuue77dtbtbui1l.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 116.203.125.190
Validated: RRSIG-Owner docker-rails.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 include:spf.sendinblue.com mx ~all
Sendinblue-code:37d9b1c8901bd46bee2f3f10b29ed9e3
Validated: RRSIG-Owner docker-rails.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A01:04F8:0C2C:2088:0000:0000:0000:0001
Validated: RRSIG-Owner docker-rails.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "6ncc3jot6gfo6o40kjuue77dtbtbui1l" equal the hashed NSEC3-owner "6ncc3jot6gfo6o40kjuue77dtbtbui1l" and the hashed NextOwner "6ncc3jot6gfo6o40kjuue77dtbtbui1m". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner 6ncc3jot6gfo6o40kjuue77dtbtbui1l.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.docker-rails.georg-ledermann.de) sends a valid NSEC3 RR as result with the hashed owner name "6ncc3jot6gfo6o40kjuue77dtbtbui1l" (unhashed: docker-rails.georg-ledermann.de). So that's the Closest Encloser of the query name.
Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner 6ncc3jot6gfo6o40kjuue77dtbtbui1l.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "ttqhuhglsi6s5rpknj3l8cuf12g1lvmm" (unhashed: _tcp.docker-rails.georg-ledermann.de) with the owner "ttqhuhglsi6s5rpknj3l8cuf12g1lvml" and the NextOwner "ttqhuhglsi6s5rpknj3l8cuf12g1lvmn". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: No Bitmap? Validated: RRSIG-Owner ttqhuhglsi6s5rpknj3l8cuf12g1lvml.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "5cfmma6ujk7m6d8tkje0pu6ht0o02vdh" (unhashed: *.docker-rails.georg-ledermann.de) with the owner "5cfmma6ujk7m6d8tkje0pu6ht0o02vdg" and the NextOwner "5cfmma6ujk7m6d8tkje0pu6ht0o02vdi". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: No Bitmap? Validated: RRSIG-Owner 5cfmma6ujk7m6d8tkje0pu6ht0o02vdg.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "6ncc3jot6gfo6o40kjuue77dtbtbui1l" equal the hashed NSEC3-owner "6ncc3jot6gfo6o40kjuue77dtbtbui1l" and the hashed NextOwner "6ncc3jot6gfo6o40kjuue77dtbtbui1m". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner 6ncc3jot6gfo6o40kjuue77dtbtbui1l.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.docker-rails.georg-ledermann.de
|
|
www.docker-rails.georg-ledermann.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "sql23be8nmemk5ip2j8hl67aqbnfptc9" between the hashed NSEC3-owner "sql23be8nmemk5ip2j8hl67aqbnfptc8" and the hashed NextOwner "sql23be8nmemk5ip2j8hl67aqbnfptca". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: No Bitmap? Validated: RRSIG-Owner sql23be8nmemk5ip2j8hl67aqbnfptc8.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "6ncc3jot6gfo6o40kjuue77dtbtbui1l" as Owner. That's the Hash of "docker-rails.georg-ledermann.de" with the NextHashedOwnerName "6ncc3jot6gfo6o40kjuue77dtbtbui1m". So that domain name is the Closest Encloser of "www.docker-rails.georg-ledermann.de". Opt-Out: False.
Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner 6ncc3jot6gfo6o40kjuue77dtbtbui1l.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|
|
|
|
|
| The ClosestEncloser says, that "*.docker-rails.georg-ledermann.de" with the Hash "5cfmma6ujk7m6d8tkje0pu6ht0o02vdh" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "5cfmma6ujk7m6d8tkje0pu6ht0o02vdg" and the Next Owner "5cfmma6ujk7m6d8tkje0pu6ht0o02vdi", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: No Bitmap? Validated: RRSIG-Owner 5cfmma6ujk7m6d8tkje0pu6ht0o02vdg.georg-ledermann.de., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 20.05.2021, 00:00:00 +, Signature-Inception: 29.04.2021, 00:00:00 +, KeyTag 15090, Signer-Name: georg-ledermann.de
|