Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 48903, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.05.2020, 00:00:00 +, Signature-Inception: 01.05.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: fr
|
|
fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 14.05.2020, 05:00:00 +, Signature-Inception: 01.05.2020, 04:00:00 +, KeyTag 48903, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 48903 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 29173, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 35095, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 172800 sec, Signature-expiration: 22.05.2020, 08:06:32 +, Signature-Inception: 23.03.2020, 08:06:32 +, KeyTag 35095, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35095 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35095, DigestType 2 and Digest "I8bKrcmSfumAYfK1LJuNprU/P2SPgUpKhqD6+YQ+LE4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: drbn.fr
|
|
drbn.fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner drbn.fr., Algorithm: 8, 2 Labels, original TTL: 172800 sec, Signature-expiration: 04.05.2020, 14:56:05 +, Signature-Inception: 05.03.2020, 14:56:05 +, KeyTag 29173, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 29173 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 28686, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 56894, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner drbn.fr., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 31.05.2020, 12:27:10 +, Signature-Inception: 01.05.2020, 12:27:10 +, KeyTag 28686, Signer-Name: drbn.fr
|
|
|
|
|
| RRSIG-Owner drbn.fr., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 31.05.2020, 12:27:10 +, Signature-Inception: 01.05.2020, 12:27:10 +, KeyTag 56894, Signer-Name: drbn.fr
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 28686 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 56894 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 28686, DigestType 2 and Digest "lBgGQ6CxcB4Dvd7YQmXt7nZKgI/ujpyKCm1FK04dq2g=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 163.172.87.30
Validated: RRSIG-Owner drbn.fr., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 31.05.2020, 12:27:10 +, Signature-Inception: 01.05.2020, 12:27:10 +, KeyTag 56894, Signer-Name: drbn.fr
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:0BC8:22AD:0100:0000:0000:0000:0001
Validated: RRSIG-Owner drbn.fr., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 31.05.2020, 12:27:10 +, Signature-Inception: 01.05.2020, 12:27:10 +, KeyTag 56894, Signer-Name: drbn.fr
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|issue;
9|issuewildletsencrypt.org
Validated: RRSIG-Owner drbn.fr., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 31.05.2020, 12:27:10 +, Signature-Inception: 01.05.2020, 12:27:10 +, KeyTag 56894, Signer-Name: drbn.fr
|
|
|
|
|
| RRSIG Type 50, expiration 2020-05-31 12:27:10 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, NS, SOA, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA
|
|
|
|
|
| RRSIG Type 50, expiration 2020-05-31 12:27:10 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, NS, SOA, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA
|
|
|
|
|
| RRSIG Type 50, expiration 2020-05-31 12:27:10 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, NS, SOA, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA
|
|
|
Zone: www.drbn.fr
|
|
www.drbn.fr
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "k4rqlsvfh3ldmg0n113ns9phaq23l203" between the hashed NSEC3-owner "hlvquk7prvpuq8qe9683keu5dl1tv1k1" and the hashed NextOwner "pfrveg3l2aq6cglqs3j9svfvn8kv8048". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner hlvquk7prvpuq8qe9683keu5dl1tv1k1.drbn.fr., Algorithm: 7, 3 Labels, original TTL: 86400 sec, Signature-expiration: 31.05.2020, 12:27:10 +, Signature-Inception: 01.05.2020, 12:27:10 +, KeyTag 56894, Signer-Name: drbn.fr
|