Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22545, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.11.2019, 00:00:00 +, Signature-Inception: 11.10.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: party
|
|
party
| 4 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner party., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 28.10.2019, 05:00:00 +, Signature-Inception: 15.10.2019, 04:00:00 +, KeyTag 22545, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 22545 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 6 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 13510, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 16415, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20983, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 34145, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 41374, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 55170, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner party., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 11.11.2019, 17:27:47 +, Signature-Inception: 12.10.2019, 16:56:19 +, KeyTag 41374, Signer-Name: party
|
|
|
|
|
| RRSIG-Owner party., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 11.11.2019, 17:27:47 +, Signature-Inception: 12.10.2019, 16:56:19 +, KeyTag 55170, Signer-Name: party
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 41374 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 55170 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 41374, DigestType 1 and Digest "w5T7Fk818gPRa9+wfyfTcTtKRGU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 41374, DigestType 2 and Digest "fjiIOB1zbt+a75ukA/czan0Zk8Ht2ysupHbIGMcamoA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: spnati.party
|
|
spnati.party
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "hnlpa3t0q5326mrq2ssemsofnh9jvfp7" between the hashed NSEC3-owner "hncvh9uq88oivafcck2knpa6eef9skt7" and the hashed NextOwner "hnpbghoebegaqk483lpq63vo91bb7adq". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner hncvh9uq88oivafcck2knpa6eef9skt7.party., Algorithm: 8, 2 Labels, original TTL: 60 sec, Signature-expiration: 13.11.2019, 09:06:27 +, Signature-Inception: 14.10.2019, 08:17:40 +, KeyTag 55170, Signer-Name: party
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner spnati.party., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2019, 08:16:54 +, Signature-Inception: 04.09.2019, 08:16:54 +, KeyTag 2371, Signer-Name: spnati.party
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| Error: DNSKEY 2371 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
Zone: git.spnati.party
|
|
git.spnati.party
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "git.spnati.party" and the NextOwner "\000.git.spnati.party". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, TLSA, HIP, 61, 99, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 104.27.180.63
104.27.181.63
Validated: RRSIG-Owner git.spnati.party., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 16.10.2019, 16:48:08 +, Signature-Inception: 14.10.2019, 14:48:08 +, KeyTag 34505, Signer-Name: spnati.party
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2606:4700:0030:0000:0000:0000:681B:B43F
2606:4700:0030:0000:0000:0000:681B:B53F
Validated: RRSIG-Owner git.spnati.party., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 16.10.2019, 16:48:08 +, Signature-Inception: 14.10.2019, 14:48:08 +, KeyTag 34505, Signer-Name: spnati.party
|
|
|
|
|
| RRSIG Type 47, expiration 2019-10-16 16:48:08 + validates the NSEC RR that proves the not-existence of the CNAME RR. Owner git.spnati.party, NextOwner: \000.git.spnati.party.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, TLSA, HIP, 61, 99, CAA
|
|
|
|
|
| RRSIG Type 47, expiration 2019-10-16 16:48:08 + validates the NSEC RR that proves the not-existence of the TXT RR. Owner git.spnati.party, NextOwner: \000.git.spnati.party.
Bitmap: A, 13, MX, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, TLSA, HIP, 61, 99, CAA
|
|
|
|
|
| RRSIG Type 47, expiration 2019-10-16 16:48:08 + validates the NSEC RR that proves the not-existence of the TLSA RR. Owner _443._tcp.git.spnati.party, NextOwner: \000._443._tcp.git.spnati.party.
Bitmap: RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-10-16 16:48:08 + validates the NSEC RR that proves the not-existence of the CAA RR. Owner git.spnati.party, NextOwner: \000.git.spnati.party.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, TLSA, HIP, 61, 99
|
|
|
Zone: www.git.spnati.party
|
|
www.git.spnati.party
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.git.spnati.party" and the NextOwner "\000.www.git.spnati.party". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: RRSIG, NSEC
|