Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26116, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46594, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.10.2020, 00:00:00 +, Signature-Inception: 01.10.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: de
|
|
de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 45580, DigestType 2 and Digest kYwy4vEiEXZr5iJmdPRHRY8iWbmg2HtE0p1Vr+ymsuE=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.10.2020, 17:00:00 +, Signature-Inception: 04.10.2020, 16:00:00 +, KeyTag 26116, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26116 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30900, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 45580, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 13.10.2020, 11:21:35 +, Signature-Inception: 29.09.2020, 09:51:35 +, KeyTag 45580, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 45580 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 45580, DigestType 2 and Digest "kYwy4vEiEXZr5iJmdPRHRY8iWbmg2HtE0p1Vr+ymsuE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: h6p.de
|
|
h6p.de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 7, KeyTag 46260, DigestType 2 and Digest viGPgvUHWB0fWsDsHlQ2EgFrtTbUrRMS2W/r7df8S7o=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner h6p.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 13.10.2020, 22:39:58 +, Signature-Inception: 29.09.2020, 21:09:58 +, KeyTag 30900, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30900 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 10613, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 46260, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner h6p.de., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2020, 21:01:34 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| RRSIG-Owner h6p.de., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2020, 19:50:17 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 46260, Signer-Name: h6p.de
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 10613 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 46260 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 46260, DigestType 2 and Digest "viGPgvUHWB0fWsDsHlQ2EgFrtTbUrRMS2W/r7df8S7o=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 37.120.185.72
Validated: RRSIG-Owner h6p.de., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2020, 19:36:42 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A03:4000:000F:0656:0002:0000:0000:0007
Validated: RRSIG-Owner h6p.de., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2020, 22:42:41 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:security@heinop.de
5|issueletsencrypt.org
9|issuewild;
Validated: RRSIG-Owner h6p.de., Algorithm: 7, 2 Labels, original TTL: 172800 sec, Signature-expiration: 09.10.2020, 19:54:57 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "0plms9g1odbeqbeqorj8im0n2eekjaaq" equal the hashed NSEC3-owner "0plms9g1odbeqbeqorj8im0n2eekjaaq" and the hashed NextOwner "ab8r0mpp3qdalu9r45h0uaoi13k38jss". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner 0plms9g1odbeqbeqorj8im0n2eekjaaq.h6p.de., Algorithm: 7, 3 Labels, original TTL: 7200 sec, Signature-expiration: 09.10.2020, 19:26:13 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "0plms9g1odbeqbeqorj8im0n2eekjaaq" equal the hashed NSEC3-owner "0plms9g1odbeqbeqorj8im0n2eekjaaq" and the hashed NextOwner "ab8r0mpp3qdalu9r45h0uaoi13k38jss". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner 0plms9g1odbeqbeqorj8im0n2eekjaaq.h6p.de., Algorithm: 7, 3 Labels, original TTL: 7200 sec, Signature-expiration: 09.10.2020, 19:26:13 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.h6p.de) sends a valid NSEC3 RR as result with the hashed owner name "0plms9g1odbeqbeqorj8im0n2eekjaaq" (unhashed: h6p.de). So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "1knkclhsajth7vg2acqh4p846t1h28qt" (unhashed: _tcp.h6p.de) with the owner "0plms9g1odbeqbeqorj8im0n2eekjaaq" and the NextOwner "ab8r0mpp3qdalu9r45h0uaoi13k38jss". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "1svbveig22astj7dvtglam0n7bi9ejpd" (unhashed: *.h6p.de) with the owner "0plms9g1odbeqbeqorj8im0n2eekjaaq" and the NextOwner "ab8r0mpp3qdalu9r45h0uaoi13k38jss". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, NS, SOA, MX, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner 0plms9g1odbeqbeqorj8im0n2eekjaaq.h6p.de., Algorithm: 7, 3 Labels, original TTL: 7200 sec, Signature-expiration: 09.10.2020, 19:26:13 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
Zone: www.h6p.de
|
|
www.h6p.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 37.120.185.72
Validated: RRSIG-Owner www.h6p.de., Algorithm: 7, 3 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2020, 22:25:56 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A03:4000:000F:0656:0002:0000:0000:0008
Validated: RRSIG-Owner www.h6p.de., Algorithm: 7, 3 Labels, original TTL: 86400 sec, Signature-expiration: 09.10.2020, 19:58:26 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "ab8r0mpp3qdalu9r45h0uaoi13k38jss" equal the hashed NSEC3-owner "ab8r0mpp3qdalu9r45h0uaoi13k38jss" and the hashed NextOwner "0plms9g1odbeqbeqorj8im0n2eekjaaq". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner ab8r0mpp3qdalu9r45h0uaoi13k38jss.h6p.de., Algorithm: 7, 3 Labels, original TTL: 7200 sec, Signature-expiration: 09.10.2020, 20:48:12 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "ab8r0mpp3qdalu9r45h0uaoi13k38jss" equal the hashed NSEC3-owner "ab8r0mpp3qdalu9r45h0uaoi13k38jss" and the hashed NextOwner "0plms9g1odbeqbeqorj8im0n2eekjaaq". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner ab8r0mpp3qdalu9r45h0uaoi13k38jss.h6p.de., Algorithm: 7, 3 Labels, original TTL: 7200 sec, Signature-expiration: 09.10.2020, 20:48:12 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.h6p.de) sends a valid NSEC3 RR as result with the hashed owner name "ab8r0mpp3qdalu9r45h0uaoi13k38jss" (unhashed: www.h6p.de). So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "dlune7c4dl9uei78kbep0elegvi1i5da" (unhashed: _tcp.www.h6p.de) with the owner "ab8r0mpp3qdalu9r45h0uaoi13k38jss" and the NextOwner "0plms9g1odbeqbeqorj8im0n2eekjaaq". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "dlvj4q7a3br896pt60f7pq536n8q8btt" (unhashed: *.www.h6p.de) with the owner "ab8r0mpp3qdalu9r45h0uaoi13k38jss" and the NextOwner "0plms9g1odbeqbeqorj8im0n2eekjaaq". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner ab8r0mpp3qdalu9r45h0uaoi13k38jss.h6p.de., Algorithm: 7, 3 Labels, original TTL: 7200 sec, Signature-expiration: 09.10.2020, 20:48:12 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "ab8r0mpp3qdalu9r45h0uaoi13k38jss" equal the hashed NSEC3-owner "ab8r0mpp3qdalu9r45h0uaoi13k38jss" and the hashed NextOwner "0plms9g1odbeqbeqorj8im0n2eekjaaq". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner ab8r0mpp3qdalu9r45h0uaoi13k38jss.h6p.de., Algorithm: 7, 3 Labels, original TTL: 7200 sec, Signature-expiration: 09.10.2020, 20:48:12 +, Signature-Inception: 02.10.2020, 22:55:47 +, KeyTag 10613, Signer-Name: h6p.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|