Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 18733, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.11.2022, 00:00:00 +, Signature-Inception: 11.10.2022, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.10.2022, 05:00:00 +, Signature-Inception: 11.10.2022, 04:00:00 +, KeyTag 18733, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 18733 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 32298, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 53929, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.10.2022, 18:24:21 +, Signature-Inception: 02.10.2022, 18:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: vetofish.com
|
|
vetofish.com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 14929, DigestType 2 and Digest 7QT47mYKwwinTZa5cfPwOMafAWdC/ZJjyolFUDWK1fM=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner vetofish.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 16.10.2022, 06:10:18 +, Signature-Inception: 09.10.2022, 05:00:18 +, KeyTag 32298, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 32298 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 14929, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 17739, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner vetofish.com., Algorithm: 8, 2 Labels, original TTL: 43200 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 14929, Signer-Name: vetofish.com
|
|
|
|
|
| RRSIG-Owner vetofish.com., Algorithm: 8, 2 Labels, original TTL: 43200 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14929 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17739 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 14929, DigestType 2 and Digest "7QT47mYKwwinTZa5cfPwOMafAWdC/ZJjyolFUDWK1fM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: lab.vetofish.com
|
|
lab.vetofish.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "a8qj9n7j46lbau416c5qf5a1m9u36vq7" between the hashed NSEC3-owner "a8qj9n7j46lbau416c5qf5a1m9u36vq7" and the hashed NextOwner "aeofdn431ifmqm9eukn4vdugifd9ombh". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner a8qj9n7j46lbau416c5qf5a1m9u36vq7.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 37.59.64.11
Validated: RRSIG-Owner lab.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 43200 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "a8qj9n7j46lbau416c5qf5a1m9u36vq7" equal the hashed NSEC3-owner "a8qj9n7j46lbau416c5qf5a1m9u36vq7" and the hashed NextOwner "aeofdn431ifmqm9eukn4vdugifd9ombh". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner a8qj9n7j46lbau416c5qf5a1m9u36vq7.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "a8qj9n7j46lbau416c5qf5a1m9u36vq7" equal the hashed NSEC3-owner "a8qj9n7j46lbau416c5qf5a1m9u36vq7" and the hashed NextOwner "aeofdn431ifmqm9eukn4vdugifd9ombh". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner a8qj9n7j46lbau416c5qf5a1m9u36vq7.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "a8qj9n7j46lbau416c5qf5a1m9u36vq7" equal the hashed NSEC3-owner "a8qj9n7j46lbau416c5qf5a1m9u36vq7" and the hashed NextOwner "aeofdn431ifmqm9eukn4vdugifd9ombh". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner a8qj9n7j46lbau416c5qf5a1m9u36vq7.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.lab.vetofish.com) sends a valid NSEC3 RR as result with the hashed owner name "a8qj9n7j46lbau416c5qf5a1m9u36vq7" (unhashed: lab.vetofish.com). So that's the Closest Encloser of the query name.
Bitmap: A, RRSIG Validated: RRSIG-Owner a8qj9n7j46lbau416c5qf5a1m9u36vq7.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "115f2e1ib1jkdn3ko9n84oesvdpkud9u" (unhashed: _tcp.lab.vetofish.com) with the owner "vud2mrqn3jon24fnoluvs647mflasagl" and the NextOwner "2oqaf21t1qi7ad3sqg0ss57dot2ivfhc". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner vud2mrqn3jon24fnoluvs647mflasagl.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "uqdhee29ct93q0evebsu68nuq358jg6k" (unhashed: *.lab.vetofish.com) with the owner "u0et7tppk0abdo5qpecs6akt0usvvjlg" and the NextOwner "vud2mrqn3jon24fnoluvs647mflasagl". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, RRSIG, CAA Validated: RRSIG-Owner u0et7tppk0abdo5qpecs6akt0usvvjlg.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "a8qj9n7j46lbau416c5qf5a1m9u36vq7" equal the hashed NSEC3-owner "a8qj9n7j46lbau416c5qf5a1m9u36vq7" and the hashed NextOwner "aeofdn431ifmqm9eukn4vdugifd9ombh". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner a8qj9n7j46lbau416c5qf5a1m9u36vq7.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.lab.vetofish.com
|
|
www.lab.vetofish.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "e53hjm98ca5934bmdahk62482s9bbovf" between the hashed NSEC3-owner "e53hjm98ca5934bmdahk62482s9bbovf" and the hashed NextOwner "fc3vbgc7kf9j7gmbbqdbr63f4ui4vrce". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner e53hjm98ca5934bmdahk62482s9bbovf.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 37.59.64.11
Validated: RRSIG-Owner www.lab.vetofish.com., Algorithm: 8, 4 Labels, original TTL: 43200 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "e53hjm98ca5934bmdahk62482s9bbovf" equal the hashed NSEC3-owner "e53hjm98ca5934bmdahk62482s9bbovf" and the hashed NextOwner "fc3vbgc7kf9j7gmbbqdbr63f4ui4vrce". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner e53hjm98ca5934bmdahk62482s9bbovf.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "e53hjm98ca5934bmdahk62482s9bbovf" equal the hashed NSEC3-owner "e53hjm98ca5934bmdahk62482s9bbovf" and the hashed NextOwner "fc3vbgc7kf9j7gmbbqdbr63f4ui4vrce". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner e53hjm98ca5934bmdahk62482s9bbovf.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "e53hjm98ca5934bmdahk62482s9bbovf" equal the hashed NSEC3-owner "e53hjm98ca5934bmdahk62482s9bbovf" and the hashed NextOwner "fc3vbgc7kf9j7gmbbqdbr63f4ui4vrce". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner e53hjm98ca5934bmdahk62482s9bbovf.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.lab.vetofish.com) sends a valid NSEC3 RR as result with the hashed owner name "e53hjm98ca5934bmdahk62482s9bbovf" (unhashed: www.lab.vetofish.com). So that's the Closest Encloser of the query name.
Bitmap: A, RRSIG Validated: RRSIG-Owner e53hjm98ca5934bmdahk62482s9bbovf.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "s730p1pnhqtedhudtfs2tfbkbgajs356" (unhashed: _tcp.www.lab.vetofish.com) with the owner "ru1b17jsnouhu3tn6sj0k9dp79m3227e" and the NextOwner "sd0opqbtjotqabcu33qb0kpec42k6vop". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: A, NS, SOA, MX, TXT, LOC, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner ru1b17jsnouhu3tn6sj0k9dp79m3227e.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "feq0smp56ge1gcov9rv873gcbncfhq4t" (unhashed: *.www.lab.vetofish.com) with the owner "fc3vbgc7kf9j7gmbbqdbr63f4ui4vrce" and the NextOwner "gdaem1iqdkq7t6uatnhs0n0mh24nm8at". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner fc3vbgc7kf9j7gmbbqdbr63f4ui4vrce.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "e53hjm98ca5934bmdahk62482s9bbovf" equal the hashed NSEC3-owner "e53hjm98ca5934bmdahk62482s9bbovf" and the hashed NextOwner "fc3vbgc7kf9j7gmbbqdbr63f4ui4vrce". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner e53hjm98ca5934bmdahk62482s9bbovf.vetofish.com., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 08.11.2022, 14:18:55 +, Signature-Inception: 09.10.2022, 14:18:55 +, KeyTag 17739, Signer-Name: vetofish.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|