Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26116, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.11.2020, 00:00:00 +, Signature-Inception: 31.10.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: at
|
|
at
| 2 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 19294, DigestType 2 and Digest j50KzXj/L4j1ZBwznwWGIiCu9Rpt9IADnI1NpPH4oOA=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 5321, DigestType 2 and Digest s/vQJLYUIxnAZHbQ/KU8LlvYlLGwO0wY6p4nvfs86vM=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner at., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 13.11.2020, 05:00:00 +, Signature-Inception: 31.10.2020, 04:00:00 +, KeyTag 26116, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26116 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 5321, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 18441, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 19294, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner at., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 06.11.2020, 17:58:38 +, Signature-Inception: 24.10.2020, 16:02:34 +, KeyTag 5321, Signer-Name: at
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5321 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 5321, DigestType 2 and Digest "s/vQJLYUIxnAZHbQ/KU8LlvYlLGwO0wY6p4nvfs86vM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: encrypted.at
|
|
encrypted.at
| 3 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 24673, DigestType 1 and Digest AbfC7Mt/6JwD68S3Ya4ujf8LQBs=
|
|
|
|
|
| DS with Algorithm 13, KeyTag 24673, DigestType 2 and Digest HT5SiCxghOeCcTtzxfMGzk3X77kdnuU1RwWKl6kmsLo=
|
|
|
|
|
| DS with Algorithm 13, KeyTag 24673, DigestType 4 and Digest X3b4s5ARoXcuX8zY3MHVs5tTF9j3UiPae6XpRiaE7MkIDvEGoU2DoPDeNAu/jDL4
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner encrypted.at., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 08.11.2020, 23:07:53 +, Signature-Inception: 26.10.2020, 19:02:32 +, KeyTag 18441, Signer-Name: at
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 18441 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 24673, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner encrypted.at., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 24673 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 24673, DigestType 1 and Digest "AbfC7Mt/6JwD68S3Ya4ujf8LQBs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 24673, DigestType 2 and Digest "HT5SiCxghOeCcTtzxfMGzk3X77kdnuU1RwWKl6kmsLo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 24673, DigestType 4 and Digest "X3b4s5ARoXcuX8zY3MHVs5tTF9j3UiPae6XpRiaE7MkIDvEGoU2DoPDeNAu/jDL4" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 88.198.19.81
Validated: RRSIG-Owner encrypted.at., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 mx ~all
google-site-verification=FVbTHUTfWTmmZRzAuX9IrvucaMt3_25bflCZ38kJd74
Validated: RRSIG-Owner encrypted.at., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A01:04F8:0222:2C03:0000:0000:0000:0004
Validated: RRSIG-Owner encrypted.at., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|issueletsencrypt.org
Validated: RRSIG-Owner encrypted.at., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "uvkn97ciih9lro3etfme5vpehet5bgko" equal the hashed NSEC3-owner "uvkn97ciih9lro3etfme5vpehet5bgko" and the hashed NextOwner "v15291v83tjo01thqkii7v01mbsdhjgm". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner uvkn97ciih9lro3etfme5vpehet5bgko.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.encrypted.at) sends a valid NSEC3 RR as result with the hashed owner name "dc467vkmr3jknrm79h11q95jd9ant6pg" (unhashed: _tcp.encrypted.at). So that's the Closest Encloser of the query name.
Bitmap: No Bitmap? Validated: RRSIG-Owner dc467vkmr3jknrm79h11q95jd9ant6pg.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.encrypted.at) sends a valid NSEC3 RR as result with the hashed query name "l151147ubdgcauv9d68vk651rer1ldap" between the hashed NSEC3-owner "htaq819k30asm50j36d5u7g7vmskrhpb" and the hashed NextOwner "mfnf7og6t5dupa42j3j9fcp9hcg7t8vb". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner htaq819k30asm50j36d5u7g7vmskrhpb.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "tv6350vfgs851e2fumn3eg2c9m1ksl5p" (unhashed: *._tcp.encrypted.at) with the owner "q5a4f2mhlg0iogci4nvafeoa99f4cete" and the NextOwner "uvkn97ciih9lro3etfme5vpehet5bgko". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner q5a4f2mhlg0iogci4nvafeoa99f4cete.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
Zone: www.encrypted.at
|
|
www.encrypted.at
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "q5a4f2mhlg0iogci4nvafeoa99f4cete" between the hashed NSEC3-owner "q5a4f2mhlg0iogci4nvafeoa99f4cete" and the hashed NextOwner "uvkn97ciih9lro3etfme5vpehet5bgko". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner q5a4f2mhlg0iogci4nvafeoa99f4cete.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 88.198.19.81
Validated: RRSIG-Owner www.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A01:04F8:0222:2C03:0000:0000:0000:0004
Validated: RRSIG-Owner www.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "q5a4f2mhlg0iogci4nvafeoa99f4cete" equal the hashed NSEC3-owner "q5a4f2mhlg0iogci4nvafeoa99f4cete" and the hashed NextOwner "uvkn97ciih9lro3etfme5vpehet5bgko". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner q5a4f2mhlg0iogci4nvafeoa99f4cete.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "q5a4f2mhlg0iogci4nvafeoa99f4cete" equal the hashed NSEC3-owner "q5a4f2mhlg0iogci4nvafeoa99f4cete" and the hashed NextOwner "uvkn97ciih9lro3etfme5vpehet5bgko". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner q5a4f2mhlg0iogci4nvafeoa99f4cete.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.encrypted.at) sends a valid NSEC3 RR as result with the hashed owner name "q5a4f2mhlg0iogci4nvafeoa99f4cete" (unhashed: www.encrypted.at). So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "q7qe510tvr6ae5rlgj6qrlbc5v1r2mkn" (unhashed: *.www.encrypted.at) with the owner "q5a4f2mhlg0iogci4nvafeoa99f4cete" and the NextOwner "uvkn97ciih9lro3etfme5vpehet5bgko". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner q5a4f2mhlg0iogci4nvafeoa99f4cete.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "396j6ufmje4m131pdl71gmp22kcsdrjk" (unhashed: _tcp.www.encrypted.at) with the owner "2fd6bpm1jhj8vgbj61a4rjk3pt05iu6s" and the NextOwner "3bu619vvnkdefc0t1j8l4cv7u7fmv48q". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: No Bitmap? Validated: RRSIG-Owner 2fd6bpm1jhj8vgbj61a4rjk3pt05iu6s.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "q5a4f2mhlg0iogci4nvafeoa99f4cete" equal the hashed NSEC3-owner "q5a4f2mhlg0iogci4nvafeoa99f4cete" and the hashed NextOwner "uvkn97ciih9lro3etfme5vpehet5bgko". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner q5a4f2mhlg0iogci4nvafeoa99f4cete.encrypted.at., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.11.2020, 00:00:00 +, Signature-Inception: 22.10.2020, 00:00:00 +, KeyTag 24673, Signer-Name: encrypted.at
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|