Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 14631, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 42351, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 12.04.2021, 00:00:00 +, Signature-Inception: 22.03.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ch
|
|
ch
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 1053, DigestType 2 and Digest lNg0vvdTa/5uy0aC4RUb3UiCyhLG2ywapkyw6dTaUiI=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 10.04.2021, 17:00:00 +, Signature-Inception: 28.03.2021, 16:00:00 +, KeyTag 42351, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 42351 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 1053, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 29732, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 65077, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 25.04.2021, 10:09:09 +, Signature-Inception: 10.03.2021, 09:09:09 +, KeyTag 1053, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 1053 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 1053, DigestType 2 and Digest "lNg0vvdTa/5uy0aC4RUb3UiCyhLG2ywapkyw6dTaUiI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: larete.ch
|
|
larete.ch
| 2 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 46585, DigestType 1 and Digest AnkiB4331OQdg5G8o9QXdy+6waM=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 46585, DigestType 2 and Digest 77FpWI15qNxWii7zMBmYPMdHwyEpwgWuOiDu4FbuAlQ=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner larete.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.04.2021, 23:55:51 +, Signature-Inception: 16.03.2021, 23:02:41 +, KeyTag 29732, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 29732 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46585, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 62121, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 21:20:21 +, Signature-Inception: 27.03.2021, 21:04:24 +, KeyTag 46585, Signer-Name: larete.ch
|
|
|
|
|
| RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 21:20:21 +, Signature-Inception: 27.03.2021, 21:04:24 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46585 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 62121 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 46585, DigestType 1 and Digest "AnkiB4331OQdg5G8o9QXdy+6waM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 46585, DigestType 2 and Digest "77FpWI15qNxWii7zMBmYPMdHwyEpwgWuOiDu4FbuAlQ=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 195.130.218.113
Validated: RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 21:10:29 +, Signature-Inception: 27.03.2021, 20:15:35 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: google-site-verification=kNWu3u9P97BpPURJbP1-7DQv0-DdVNELDXU3rOWyOqc
Validated: RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 16:13:21 +, Signature-Inception: 27.03.2021, 15:31:58 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:security@larete.ch
5|issueletsencrypt.org
Validated: RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 10.04.2021, 16:17:01 +, Signature-Inception: 11.03.2021, 15:30:01 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "larete.ch" equal the NSEC-owner "larete.ch" and the NextOwner "_autodiscover._tcp.larete.ch". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 16:13:21 +, Signature-Inception: 27.03.2021, 15:31:58 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "larete.ch" equal the NSEC-owner "larete.ch" and the NextOwner "_autodiscover._tcp.larete.ch". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 16:13:21 +, Signature-Inception: 27.03.2021, 15:31:58 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.larete.ch) sends a valid NSEC RR as result with the owner name larete.ch. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "larete.ch" and the NextOwner "_autodiscover._tcp.larete.ch". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.larete.ch) sends a valid NSEC RR as result with the query name "_443._tcp.larete.ch" between the NSEC-owner "larete.ch" and the NextOwner "_autodiscover._tcp.larete.ch". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.larete.ch) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.larete.ch" between the NSEC-owner "larete.ch" and the NextOwner "_autodiscover._tcp.larete.ch". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner larete.ch., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 16:13:21 +, Signature-Inception: 27.03.2021, 15:31:58 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
Zone: www.larete.ch
|
|
www.larete.ch
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.larete.ch" and the NextOwner "larete.ch". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 195.130.218.113
Validated: RRSIG-Owner www.larete.ch., Algorithm: 8, 3 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 22:26:53 +, Signature-Inception: 27.03.2021, 22:15:51 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "www.larete.ch" equal the NSEC-owner "www.larete.ch" and the NextOwner "larete.ch". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.larete.ch., Algorithm: 8, 3 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 22:26:53 +, Signature-Inception: 27.03.2021, 22:15:51 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "www.larete.ch" equal the NSEC-owner "www.larete.ch" and the NextOwner "larete.ch". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.larete.ch., Algorithm: 8, 3 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 22:26:53 +, Signature-Inception: 27.03.2021, 22:15:51 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "www.larete.ch" equal the NSEC-owner "www.larete.ch" and the NextOwner "larete.ch". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.larete.ch., Algorithm: 8, 3 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 22:26:53 +, Signature-Inception: 27.03.2021, 22:15:51 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.larete.ch) sends a valid NSEC RR as result with the owner name www.larete.ch. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "www.larete.ch" and the NextOwner "larete.ch". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.www.larete.ch) sends a valid NSEC RR as result with the query name "_443._tcp.www.larete.ch" between the NSEC-owner "www.larete.ch" and the NextOwner "larete.ch". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.www.larete.ch) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.www.larete.ch" between the NSEC-owner "www.larete.ch" and the NextOwner "larete.ch". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.larete.ch., Algorithm: 8, 3 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 22:26:53 +, Signature-Inception: 27.03.2021, 22:15:51 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "www.larete.ch" equal the NSEC-owner "www.larete.ch" and the NextOwner "larete.ch". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.larete.ch., Algorithm: 8, 3 Labels, original TTL: 10800 sec, Signature-expiration: 26.04.2021, 22:26:53 +, Signature-Inception: 27.03.2021, 22:15:51 +, KeyTag 62121, Signer-Name: larete.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|