Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 11019, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 30.09.2023, 00:00:00 +, Signature-Inception: 09.09.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: sg
|
|
sg
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 46664, DigestType 2 and Digest uelSK540X9VOc+jr89PP/5oJGJ/tA/UQbY7j40X7gLU=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner sg., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 30.09.2023, 17:00:00 +, Signature-Inception: 17.09.2023, 16:00:00 +, KeyTag 11019, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 11019 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 10728, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46664, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 51258, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner sg., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 07.10.2023, 23:59:59 +, Signature-Inception: 07.09.2023, 00:00:00 +, KeyTag 46664, Signer-Name: sg
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46664 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 46664, DigestType 2 and Digest "uelSK540X9VOc+jr89PP/5oJGJ/tA/UQbY7j40X7gLU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: gov.sg
|
|
gov.sg
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 7690, DigestType 2 and Digest ox80NKTt+VziR1nRQa/ETwz29xYY040wLRj2yb8ZOeM=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner gov.sg., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.10.2023, 01:14:29 +, Signature-Inception: 18.09.2023, 01:14:29 +, KeyTag 51258, Signer-Name: sg
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 51258 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 7690, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 9279, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 57570, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner gov.sg., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 07.10.2023, 23:59:59 +, Signature-Inception: 07.09.2023, 00:00:00 +, KeyTag 7690, Signer-Name: gov.sg
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7690 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7690, DigestType 2 and Digest "ox80NKTt+VziR1nRQa/ETwz29xYY040wLRj2yb8ZOeM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: hsacorp.gov.sg
|
|
hsacorp.gov.sg
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "nl7eh28itachejl1pljtmp1qq82a1rn7" between the hashed NSEC3-owner "nkha4vfq0heop25kl0hnroeku42tr522" and the hashed NextOwner "nmhik9n03crjul1q8fgtnrk9nuio7pfm". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner nkha4vfq0heop25kl0hnroeku42tr522.gov.sg., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 18.10.2023, 01:14:28 +, Signature-Inception: 18.09.2023, 01:14:28 +, KeyTag 57570, Signer-Name: gov.sg
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ot8oqnv5se8issacftgpudtf9bugk6cp" as Owner. That's the Hash of "gov.sg" with the NextHashedOwnerName "otei6i5rtn0cnu8e6g01qjm2hvmkbecj". So that domain name is the Closest Encloser of "hsacorp.gov.sg". Opt-Out: True.
Bitmap: A, NS, SOA, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ot8oqnv5se8issacftgpudtf9bugk6cp.gov.sg., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 18.10.2023, 01:14:28 +, Signature-Inception: 18.09.2023, 01:14:28 +, KeyTag 57570, Signer-Name: gov.sg
|
|
|
|
|
| The ClosestEncloser says, that "*.gov.sg" with the Hash "g0odq00kvvqrgi9a3icaee297841vqvr" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "g0jph5j7bcr3cdghqi6enb7cibrlpt91" and the Next Owner "g3fk2qfdmfcagsi0orsjm1rq6d42a0ri", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: True
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner g0jph5j7bcr3cdghqi6enb7cibrlpt91.gov.sg., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 18.10.2023, 01:14:28 +, Signature-Inception: 18.09.2023, 01:14:28 +, KeyTag 57570, Signer-Name: gov.sg
|
|
|
Zone: fiona2.hsacorp.gov.sg
|
|
fiona2.hsacorp.gov.sg
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ot8oqnv5se8issacftgpudtf9bugk6cp" as Owner. That's the Hash of "gov.sg" with the NextHashedOwnerName "otei6i5rtn0cnu8e6g01qjm2hvmkbecj". So that domain name is the Closest Encloser of "fiona2.hsacorp.gov.sg". Opt-Out: True.
Bitmap: A, NS, SOA, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ot8oqnv5se8issacftgpudtf9bugk6cp.gov.sg., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 18.10.2023, 01:14:28 +, Signature-Inception: 18.09.2023, 01:14:28 +, KeyTag 57570, Signer-Name: gov.sg
|
|
|
|
|
| The ClosestEncloser says, that "*.gov.sg" with the Hash "g0odq00kvvqrgi9a3icaee297841vqvr" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "g0jph5j7bcr3cdghqi6enb7cibrlpt91" and the Next Owner "g3fk2qfdmfcagsi0orsjm1rq6d42a0ri", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: True
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner g0jph5j7bcr3cdghqi6enb7cibrlpt91.gov.sg., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 18.10.2023, 01:14:28 +, Signature-Inception: 18.09.2023, 01:14:28 +, KeyTag 57570, Signer-Name: gov.sg
|
|
|
Zone: www.fiona2.hsacorp.gov.sg
|
|
www.fiona2.hsacorp.gov.sg
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ot8oqnv5se8issacftgpudtf9bugk6cp" as Owner. That's the Hash of "gov.sg" with the NextHashedOwnerName "otei6i5rtn0cnu8e6g01qjm2hvmkbecj". So that domain name is the Closest Encloser of "www.fiona2.hsacorp.gov.sg". Opt-Out: True.
Bitmap: A, NS, SOA, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ot8oqnv5se8issacftgpudtf9bugk6cp.gov.sg., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 18.10.2023, 01:14:28 +, Signature-Inception: 18.09.2023, 01:14:28 +, KeyTag 57570, Signer-Name: gov.sg
|
|
|
|
|
| The ClosestEncloser says, that "*.gov.sg" with the Hash "g0odq00kvvqrgi9a3icaee297841vqvr" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "g0jph5j7bcr3cdghqi6enb7cibrlpt91" and the Next Owner "g3fk2qfdmfcagsi0orsjm1rq6d42a0ri", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: True
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner g0jph5j7bcr3cdghqi6enb7cibrlpt91.gov.sg., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 18.10.2023, 01:14:28 +, Signature-Inception: 18.09.2023, 01:14:28 +, KeyTag 57570, Signer-Name: gov.sg
|