Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 42351, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.02.2021, 00:00:00 +, Signature-Inception: 31.01.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: fr
|
|
fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 35095, DigestType 2 and Digest I8bKrcmSfumAYfK1LJuNprU/P2SPgUpKhqD6+YQ+LE4=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.02.2021, 17:00:00 +, Signature-Inception: 09.02.2021, 16:00:00 +, KeyTag 42351, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 42351 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 35095, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 58204, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 172800 sec, Signature-expiration: 28.02.2021, 21:50:08 +, Signature-Inception: 04.01.2021, 05:27:10 +, KeyTag 35095, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35095 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35095, DigestType 2 and Digest "I8bKrcmSfumAYfK1LJuNprU/P2SPgUpKhqD6+YQ+LE4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: communaute-paysbasque.fr
|
|
communaute-paysbasque.fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 7, KeyTag 61653, DigestType 2 and Digest 9fB3tcMsisgPJxtg9s7CR24gUuXMGiN01lq8hQaLqSQ=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner communaute-paysbasque.fr., Algorithm: 8, 2 Labels, original TTL: 172800 sec, Signature-expiration: 31.03.2021, 19:35:52 +, Signature-Inception: 30.01.2021, 18:45:59 +, KeyTag 58204, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 58204 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 5687, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 61653, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner communaute-paysbasque.fr., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| RRSIG-Owner communaute-paysbasque.fr., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 61653, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 5687 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 61653 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 61653, DigestType 2 and Digest "9fB3tcMsisgPJxtg9s7CR24gUuXMGiN01lq8hQaLqSQ=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: elmn.communaute-paysbasque.fr
|
|
elmn.communaute-paysbasque.fr
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "gbpattko9599c67st8m70kpkcrl55662" between the hashed NSEC3-owner "gbpattko9599c67st8m70kpkcrl55662" and the hashed NextOwner "gd98asp5k9fsbabd8d3uh08ms6cdp1r5". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner gbpattko9599c67st8m70kpkcrl55662.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 193.142.131.34
Validated: RRSIG-Owner elmn.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "gbpattko9599c67st8m70kpkcrl55662" equal the hashed NSEC3-owner "gbpattko9599c67st8m70kpkcrl55662" and the hashed NextOwner "gd98asp5k9fsbabd8d3uh08ms6cdp1r5". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner gbpattko9599c67st8m70kpkcrl55662.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "gbpattko9599c67st8m70kpkcrl55662" equal the hashed NSEC3-owner "gbpattko9599c67st8m70kpkcrl55662" and the hashed NextOwner "gd98asp5k9fsbabd8d3uh08ms6cdp1r5". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner gbpattko9599c67st8m70kpkcrl55662.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "gbpattko9599c67st8m70kpkcrl55662" equal the hashed NSEC3-owner "gbpattko9599c67st8m70kpkcrl55662" and the hashed NextOwner "gd98asp5k9fsbabd8d3uh08ms6cdp1r5". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner gbpattko9599c67st8m70kpkcrl55662.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.elmn.communaute-paysbasque.fr) sends a valid NSEC3 RR as result with the hashed owner name "gbpattko9599c67st8m70kpkcrl55662" (unhashed: elmn.communaute-paysbasque.fr). So that's the Closest Encloser of the query name.
Bitmap: A, RRSIG Validated: RRSIG-Owner gbpattko9599c67st8m70kpkcrl55662.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "q8tdheso064qk3nvu12dk8ch2ki8r2vk" (unhashed: _tcp.elmn.communaute-paysbasque.fr) with the owner "q3q9mgka29l44kjct31t41lgvdur58nu" and the NextOwner "qqpccdui1d1k04vsu7i8a7lk4jslvm42". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner q3q9mgka29l44kjct31t41lgvdur58nu.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "c92plrbrlqcqa13iv79r14955pms9tec" (unhashed: *.elmn.communaute-paysbasque.fr) with the owner "bt2pn8f4gue9c8212cjeictsn0ma5rkv" and the NextOwner "ce2r8auotolsl5du2abm4quf3cms6dd8". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner bt2pn8f4gue9c8212cjeictsn0ma5rkv.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "gbpattko9599c67st8m70kpkcrl55662" equal the hashed NSEC3-owner "gbpattko9599c67st8m70kpkcrl55662" and the hashed NextOwner "gd98asp5k9fsbabd8d3uh08ms6cdp1r5". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner gbpattko9599c67st8m70kpkcrl55662.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.elmn.communaute-paysbasque.fr
|
|
www.elmn.communaute-paysbasque.fr
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "lbistbannuippqg44p3ca04k76onjefo" between the hashed NSEC3-owner "l9u2ps78nhcgvfo3elabo3u5vos7vfmh" and the hashed NextOwner "lu7vv5gvdhq3bn258f46h471ahvcjph0". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner l9u2ps78nhcgvfo3elabo3u5vos7vfmh.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "gbpattko9599c67st8m70kpkcrl55662" as Owner. That's the Hash of "elmn.communaute-paysbasque.fr" with the NextHashedOwnerName "gd98asp5k9fsbabd8d3uh08ms6cdp1r5". So that domain name is the Closest Encloser of "www.elmn.communaute-paysbasque.fr". Opt-Out: False.
Bitmap: A, RRSIG Validated: RRSIG-Owner gbpattko9599c67st8m70kpkcrl55662.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|
|
|
|
|
| The ClosestEncloser says, that "*.elmn.communaute-paysbasque.fr" with the Hash "c92plrbrlqcqa13iv79r14955pms9tec" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "bt2pn8f4gue9c8212cjeictsn0ma5rkv" and the Next Owner "ce2r8auotolsl5du2abm4quf3cms6dd8", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner bt2pn8f4gue9c8212cjeictsn0ma5rkv.communaute-paysbasque.fr., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 19.02.2021, 09:55:13 +, Signature-Inception: 20.01.2021, 09:55:13 +, KeyTag 5687, Signer-Name: communaute-paysbasque.fr
|