Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26838, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.08.2021, 00:00:00 +, Signature-Inception: 31.07.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 14.08.2021, 05:00:00 +, Signature-Inception: 01.08.2021, 04:00:00 +, KeyTag 26838, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26838 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 39343, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 13.08.2021, 18:24:21 +, Signature-Inception: 29.07.2021, 18:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: peer5.com
|
|
peer5.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "qi0dura6b6j7q1mqftggfv1b30ifa2id" between the hashed NSEC3-owner "qi0dsldsmn8un7d5afam4lvgd8sidq7s" and the hashed NextOwner "qi0erpeval13f2vb74ahv8n74sdt86gb". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner qi0dsldsmn8un7d5afam4lvgd8sidq7s.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 06.08.2021, 05:10:00 +, Signature-Inception: 30.07.2021, 04:00:00 +, KeyTag 39343, Signer-Name: com
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q1gin43n1arrc9osm6qpqr81h5m9a". So that domain name is the Closest Encloser of "peer5.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 08.08.2021, 04:24:50 +, Signature-Inception: 01.08.2021, 03:14:50 +, KeyTag 39343, Signer-Name: com
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: globe.peer5.com
|
|
globe.peer5.com
| 0 DS RR in the parent zone found
|
|
|
Zone: www.globe.peer5.com
|
|
www.globe.peer5.com
| 0 DS RR in the parent zone found
|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26838, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.08.2021, 00:00:00 +, Signature-Inception: 31.07.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: net
|
|
net
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 14.08.2021, 05:00:00 +, Signature-Inception: 01.08.2021, 04:00:00 +, KeyTag 26838, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26838 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 35886, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 65378, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner net., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.08.2021, 16:28:30 +, Signature-Inception: 28.07.2021, 16:23:30 +, KeyTag 35886, Signer-Name: net
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35886 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35886, DigestType 2 and Digest "eGKyf19Rbr4ZaARE1M5edimBkxhCxGXwAjZAHYvZc+4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: cloudflare.net
|
|
cloudflare.net
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest kPcQoQfaUe14El0wpocEzzwDCK/QG/zXBX1L0Dtixos=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner cloudflare.net., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 06.08.2021, 05:37:18 +, Signature-Inception: 30.07.2021, 04:27:18 +, KeyTag 65378, Signer-Name: net
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 65378 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner cloudflare.net., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 20.08.2021, 03:41:26 +, Signature-Inception: 21.06.2021, 03:41:26 +, KeyTag 2371, Signer-Name: cloudflare.net
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "kPcQoQfaUe14El0wpocEzzwDCK/QG/zXBX1L0Dtixos=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: cdn.cloudflare.net
|
|
cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "cdn.cloudflare.net" and the NextOwner "\000.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, 99, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: com.cdn.cloudflare.net
|
|
com.cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "com.cdn.cloudflare.net" and the NextOwner "\000.com.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, 99, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: peer5.com.cdn.cloudflare.net
|
|
peer5.com.cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "peer5.com.cdn.cloudflare.net" and the NextOwner "\000.peer5.com.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, 99, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: globe.peer5.com.cdn.cloudflare.net
|
|
globe.peer5.com.cdn.cloudflare.net
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "globe.peer5.com.cdn.cloudflare.net" and the NextOwner "\000.globe.peer5.com.cdn.cloudflare.net". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, 99, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 104.18.28.206
104.18.29.206
Validated: RRSIG-Owner globe.peer5.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 300 sec, Signature-expiration: 02.08.2021, 14:08:42 +, Signature-Inception: 31.07.2021, 12:08:42 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2606:4700:0000:0000:0000:0000:6812:1CCE
2606:4700:0000:0000:0000:0000:6812:1DCE
Validated: RRSIG-Owner globe.peer5.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 300 sec, Signature-expiration: 02.08.2021, 14:08:42 +, Signature-Inception: 31.07.2021, 12:08:42 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "globe.peer5.com.cdn.cloudflare.net" equal the NSEC-owner "globe.peer5.com.cdn.cloudflare.net" and the NextOwner "\000.globe.peer5.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, 99, URI, CAA Validated: RRSIG-Owner globe.peer5.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 3600 sec, Signature-expiration: 02.08.2021, 14:08:42 +, Signature-Inception: 31.07.2021, 12:08:42 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "globe.peer5.com.cdn.cloudflare.net" equal the NSEC-owner "globe.peer5.com.cdn.cloudflare.net" and the NextOwner "\000.globe.peer5.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, 99, URI, CAA Validated: RRSIG-Owner globe.peer5.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 3600 sec, Signature-expiration: 02.08.2021, 14:08:42 +, Signature-Inception: 31.07.2021, 12:08:42 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.globe.peer5.com.cdn.cloudflare.net) sends a valid NSEC RR as result with the query name "_443._tcp.globe.peer5.com.cdn.cloudflare.net" equal the NSEC-owner "_443._tcp.globe.peer5.com.cdn.cloudflare.net" and the NextOwner "\000._443._tcp.globe.peer5.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, 53, HIP, 61, 64, 65, 99, URI, CAA Validated: RRSIG-Owner _443._tcp.globe.peer5.com.cdn.cloudflare.net., Algorithm: 13, 8 Labels, original TTL: 3600 sec, Signature-expiration: 02.08.2021, 14:08:42 +, Signature-Inception: 31.07.2021, 12:08:42 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "globe.peer5.com.cdn.cloudflare.net" equal the NSEC-owner "globe.peer5.com.cdn.cloudflare.net" and the NextOwner "\000.globe.peer5.com.cdn.cloudflare.net". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, 99, URI Validated: RRSIG-Owner globe.peer5.com.cdn.cloudflare.net., Algorithm: 13, 6 Labels, original TTL: 3600 sec, Signature-expiration: 02.08.2021, 14:08:42 +, Signature-Inception: 31.07.2021, 12:08:42 +, KeyTag 34505, Signer-Name: cloudflare.net
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|