Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46594, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 31.08.2020, 00:00:00 +, Signature-Inception: 10.08.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: my
|
|
my
| 4 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 174, DigestType 1 and Digest 5h7/HK9viW2HU48dxW24EGCkHWo=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 174, DigestType 2 and Digest +54vEPUKCeNhSp5qLHbBrnVUcR5SQrf1FqgHjYbth7k=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 35481, DigestType 1 and Digest id55MOMJZuT92+HBECZne/1LXtY=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 35481, DigestType 2 and Digest rlVaQPa9tIjrAlgipxyRyU4fM5/dceA4ZWHDxLfSsZg=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner my., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.08.2020, 05:00:00 +, Signature-Inception: 11.08.2020, 04:00:00 +, KeyTag 46594, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46594 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 4 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 174, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 3752, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 35481, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 39045, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner my., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2020, 01:35:33 +, Signature-Inception: 09.08.2020, 03:51:41 +, KeyTag 174, Signer-Name: my
|
|
|
|
|
| RRSIG-Owner my., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2020, 01:35:33 +, Signature-Inception: 09.08.2020, 03:51:41 +, KeyTag 35481, Signer-Name: my
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 174 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35481 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 174, DigestType 1 and Digest "5h7/HK9viW2HU48dxW24EGCkHWo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 174, DigestType 2 and Digest "+54vEPUKCeNhSp5qLHbBrnVUcR5SQrf1FqgHjYbth7k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35481, DigestType 1 and Digest "id55MOMJZuT92+HBECZne/1LXtY=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35481, DigestType 2 and Digest "rlVaQPa9tIjrAlgipxyRyU4fM5/dceA4ZWHDxLfSsZg=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: gov.my
|
|
gov.my
| 4 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 6396, DigestType 1 and Digest NrnXIcEU8PaDdsI/f3lTscwjOBg=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 6396, DigestType 2 and Digest /2apkX/1benQhzmyK2DzvRo5lCsJ28d8XWryzYl1wDc=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 13296, DigestType 1 and Digest ByZLGYx/JXQmYbNhon2HAeB0trs=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 13296, DigestType 2 and Digest y4kMRAxgpHesSzv0RCueo5EzLFHYl2P7vtFV8upoRAA=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner gov.my., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 07.09.2020, 12:54:14 +, Signature-Inception: 08.08.2020, 21:00:43 +, KeyTag 3752, Signer-Name: my
|
|
|
|
|
| RRSIG-Owner gov.my., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 08.09.2020, 22:53:00 +, Signature-Inception: 09.08.2020, 09:42:41 +, KeyTag 39045, Signer-Name: my
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 3752 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 39045 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 4 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 6396, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 8859, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 9503, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 13296, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner gov.my., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2020, 08:32:35 +, Signature-Inception: 08.08.2020, 20:36:10 +, KeyTag 6396, Signer-Name: gov.my
|
|
|
|
|
| RRSIG-Owner gov.my., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.09.2020, 08:32:35 +, Signature-Inception: 08.08.2020, 20:36:10 +, KeyTag 13296, Signer-Name: gov.my
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 6396 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 13296 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 6396, DigestType 1 and Digest "NrnXIcEU8PaDdsI/f3lTscwjOBg=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 6396, DigestType 2 and Digest "/2apkX/1benQhzmyK2DzvRo5lCsJ28d8XWryzYl1wDc=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 13296, DigestType 1 and Digest "ByZLGYx/JXQmYbNhon2HAeB0trs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 13296, DigestType 2 and Digest "y4kMRAxgpHesSzv0RCueo5EzLFHYl2P7vtFV8upoRAA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: mampu.gov.my
|
|
mampu.gov.my
| 2 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 51646, DigestType 1 and Digest cSSj3K520WzbsC5ZWAWkV1/2TSo=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 51646, DigestType 2 and Digest 77pL75WXiLaeCeAnLL3TJVTu5QjLmKsu3ZVSAjI/j4k=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner mampu.gov.my., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 07.09.2020, 21:40:14 +, Signature-Inception: 09.08.2020, 05:36:10 +, KeyTag 8859, Signer-Name: gov.my
|
|
|
|
|
| RRSIG-Owner mampu.gov.my., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.09.2020, 05:11:37 +, Signature-Inception: 09.08.2020, 04:54:10 +, KeyTag 9503, Signer-Name: gov.my
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 8859 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 9503 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20778, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 51646, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner mampu.gov.my., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| RRSIG-Owner mampu.gov.my., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 51646, Signer-Name: mampu.gov.my
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20778 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 51646 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 51646, DigestType 1 and Digest "cSSj3K520WzbsC5ZWAWkV1/2TSo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 51646, DigestType 2 and Digest "77pL75WXiLaeCeAnLL3TJVTu5QjLmKsu3ZVSAjI/j4k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: gpki.mampu.gov.my
|
|
gpki.mampu.gov.my
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "c96aj884faumdl5rsnt1b7lm6f384dra" between the hashed NSEC3-owner "c96aj884faumdl5rsnt1b7lm6f384dra" and the hashed NextOwner "c9d9545mfercoc1tu16l4o583pf17pni". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner c96aj884faumdl5rsnt1b7lm6f384dra.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 203.217.178.58
Validated: RRSIG-Owner gpki.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "c96aj884faumdl5rsnt1b7lm6f384dra" equal the hashed NSEC3-owner "c96aj884faumdl5rsnt1b7lm6f384dra" and the hashed NextOwner "c9d9545mfercoc1tu16l4o583pf17pni". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner c96aj884faumdl5rsnt1b7lm6f384dra.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "c96aj884faumdl5rsnt1b7lm6f384dra" equal the hashed NSEC3-owner "c96aj884faumdl5rsnt1b7lm6f384dra" and the hashed NextOwner "c9d9545mfercoc1tu16l4o583pf17pni". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner c96aj884faumdl5rsnt1b7lm6f384dra.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "c96aj884faumdl5rsnt1b7lm6f384dra" equal the hashed NSEC3-owner "c96aj884faumdl5rsnt1b7lm6f384dra" and the hashed NextOwner "c9d9545mfercoc1tu16l4o583pf17pni". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner c96aj884faumdl5rsnt1b7lm6f384dra.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.gpki.mampu.gov.my) sends a valid NSEC3 RR as result with the hashed owner name "c96aj884faumdl5rsnt1b7lm6f384dra" (unhashed: gpki.mampu.gov.my). So that's the Closest Encloser of the query name.
Bitmap: A, RRSIG Validated: RRSIG-Owner c96aj884faumdl5rsnt1b7lm6f384dra.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "pists2crc7k53p1dv1d3r2t6eh9tmsau" (unhashed: _tcp.gpki.mampu.gov.my) with the owner "pgrlr01r93g4b1gs6d8di2a8gsk02vhk" and the NextOwner "pkk5kal2ghuhl326m33vskest1ead2np". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: A, RRSIG Validated: RRSIG-Owner pgrlr01r93g4b1gs6d8di2a8gsk02vhk.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "nma4rubeq3305rteitdln22serd846un" (unhashed: *.gpki.mampu.gov.my) with the owner "nh5333atndrr0r3n2ojocv6o2jlamiic" and the NextOwner "np6q0f680lq5sq76einf53o3kb3o2n3l". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, RRSIG Validated: RRSIG-Owner nh5333atndrr0r3n2ojocv6o2jlamiic.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "c96aj884faumdl5rsnt1b7lm6f384dra" equal the hashed NSEC3-owner "c96aj884faumdl5rsnt1b7lm6f384dra" and the hashed NextOwner "c9d9545mfercoc1tu16l4o583pf17pni". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner c96aj884faumdl5rsnt1b7lm6f384dra.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.gpki.mampu.gov.my
|
|
www.gpki.mampu.gov.my
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "lf8m7ma0t455q6c1ifrgpv91ie1lrnnn" between the hashed NSEC3-owner "l2mluueff6esmm8748irkl15pat85l2h" and the hashed NextOwner "lh3v8e5fk772u45pdqm0lkmomqrpl9nk". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: SRV, RRSIG Validated: RRSIG-Owner l2mluueff6esmm8748irkl15pat85l2h.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "c96aj884faumdl5rsnt1b7lm6f384dra" as Owner. That's the Hash of "gpki.mampu.gov.my" with the NextHashedOwnerName "c9d9545mfercoc1tu16l4o583pf17pni". So that domain name is the Closest Encloser of "www.gpki.mampu.gov.my". Opt-Out: False.
Bitmap: A, RRSIG Validated: RRSIG-Owner c96aj884faumdl5rsnt1b7lm6f384dra.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|
|
|
|
|
| The ClosestEncloser says, that "*.gpki.mampu.gov.my" with the Hash "nma4rubeq3305rteitdln22serd846un" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "nh5333atndrr0r3n2ojocv6o2jlamiic" and the Next Owner "np6q0f680lq5sq76einf53o3kb3o2n3l", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: A, RRSIG Validated: RRSIG-Owner nh5333atndrr0r3n2ojocv6o2jlamiic.mampu.gov.my., Algorithm: 8, 4 Labels, original TTL: 3600 sec, Signature-expiration: 10.09.2020, 03:47:08 +, Signature-Inception: 11.08.2020, 03:47:08 +, KeyTag 20778, Signer-Name: mampu.gov.my
|