Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 42351, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.02.2021, 00:00:00 +, Signature-Inception: 21.01.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 07.02.2021, 05:00:00 +, Signature-Inception: 25.01.2021, 04:00:00 +, KeyTag 42351, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 42351 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 58540, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.02.2021, 19:24:21 +, Signature-Inception: 20.01.2021, 19:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: info-nico.com
|
|
info-nico.com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 41507, DigestType 2 and Digest vo2h4Ag4Aq5FgBub6FHDKJwW9ry/AgJfyQyVhTnVUlk=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner info-nico.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 30.01.2021, 08:04:15 +, Signature-Inception: 23.01.2021, 06:54:15 +, KeyTag 58540, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 58540 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22543, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 41507, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner info-nico.com., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 41507, Signer-Name: info-nico.com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 41507 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 41507, DigestType 2 and Digest "vo2h4Ag4Aq5FgBub6FHDKJwW9ry/AgJfyQyVhTnVUlk=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 174.88.64.12
Validated: RRSIG-Owner info-nico.com., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "vv72ddci2isa8hmrbf8dr8jsv9btap7j" equal the hashed NSEC3-owner "vv72ddci2isa8hmrbf8dr8jsv9btap7j" and the hashed NextOwner "g1gmu1occqnb1050bi8umc0it6ig6c1a". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner vv72ddci2isa8hmrbf8dr8jsv9btap7j.info-nico.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "vv72ddci2isa8hmrbf8dr8jsv9btap7j" equal the hashed NSEC3-owner "vv72ddci2isa8hmrbf8dr8jsv9btap7j" and the hashed NextOwner "g1gmu1occqnb1050bi8umc0it6ig6c1a". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner vv72ddci2isa8hmrbf8dr8jsv9btap7j.info-nico.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "vv72ddci2isa8hmrbf8dr8jsv9btap7j" equal the hashed NSEC3-owner "vv72ddci2isa8hmrbf8dr8jsv9btap7j" and the hashed NextOwner "g1gmu1occqnb1050bi8umc0it6ig6c1a". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner vv72ddci2isa8hmrbf8dr8jsv9btap7j.info-nico.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.info-nico.com) sends a valid NSEC3 RR as result with the hashed owner name "vv72ddci2isa8hmrbf8dr8jsv9btap7j" (unhashed: info-nico.com). So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "8tu9gqv96v1vmitth7r79rncur3eifa3" (unhashed: _tcp.info-nico.com) with the owner "vv72ddci2isa8hmrbf8dr8jsv9btap7j" and the NextOwner "g1gmu1occqnb1050bi8umc0it6ig6c1a". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "4i601go4j3fh7hgnvd3dfoi5d6im5gls" (unhashed: *.info-nico.com) with the owner "vv72ddci2isa8hmrbf8dr8jsv9btap7j" and the NextOwner "g1gmu1occqnb1050bi8umc0it6ig6c1a". So that NSEC3 confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.info-nico.com) sends a valid NSEC3 RR as result with the owner name "vv72ddci2isa8hmrbf8dr8jsv9btap7j" greater the NextOwner-Name "g1gmu1occqnb1050bi8umc0it6ig6c1a", so the NSEC3 covers the end of the zone. The hashed query name "38prrbfcrsim3end8ugi15slr2rmhdm8" comes before the hashed NextOwner, so the zone confirmes the not-existence of that TLSA RR.
Bitmap: A, NS, SOA, MX, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner vv72ddci2isa8hmrbf8dr8jsv9btap7j.info-nico.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "vv72ddci2isa8hmrbf8dr8jsv9btap7j" equal the hashed NSEC3-owner "vv72ddci2isa8hmrbf8dr8jsv9btap7j" and the hashed NextOwner "g1gmu1occqnb1050bi8umc0it6ig6c1a". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner vv72ddci2isa8hmrbf8dr8jsv9btap7j.info-nico.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.info-nico.com
|
|
www.info-nico.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "vv72ddci2isa8hmrbf8dr8jsv9btap7j" as Owner. That's the Hash of "info-nico.com" with the NextHashedOwnerName "g1gmu1occqnb1050bi8umc0it6ig6c1a". So that domain name is the Closest Encloser of "www.info-nico.com". Opt-Out: False.
Bitmap: A, NS, SOA, MX, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner vv72ddci2isa8hmrbf8dr8jsv9btap7j.info-nico.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|
|
|
|
|
| The ClosestEncloser says, that "*.info-nico.com" with the Hash "4i601go4j3fh7hgnvd3dfoi5d6im5gls" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "vv72ddci2isa8hmrbf8dr8jsv9btap7j" and the Next Owner "g1gmu1occqnb1050bi8umc0it6ig6c1a", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: A, NS, SOA, MX, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner vv72ddci2isa8hmrbf8dr8jsv9btap7j.info-nico.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 13.02.2021, 08:05:52 +, Signature-Inception: 22.01.2021, 08:05:52 +, KeyTag 22543, Signer-Name: info-nico.com
|