Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26116, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 42351, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.01.2021, 00:00:00 +, Signature-Inception: 20.12.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: fr
|
|
fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 35095, DigestType 2 and Digest I8bKrcmSfumAYfK1LJuNprU/P2SPgUpKhqD6+YQ+LE4=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 03.01.2021, 17:00:00 +, Signature-Inception: 21.12.2020, 16:00:00 +, KeyTag 26116, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26116 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 35095, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 47293, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 172800 sec, Signature-expiration: 23.02.2021, 03:09:36 +, Signature-Inception: 16.12.2020, 07:28:06 +, KeyTag 35095, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 35095 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 35095, DigestType 2 and Digest "I8bKrcmSfumAYfK1LJuNprU/P2SPgUpKhqD6+YQ+LE4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: lazysoftware.fr
|
|
lazysoftware.fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 23590, DigestType 2 and Digest zglMtEEifCWGi2yny0RwhmUBagQVoPZ+jzwlDOchHj8=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner lazysoftware.fr., Algorithm: 8, 2 Labels, original TTL: 172800 sec, Signature-expiration: 01.02.2021, 21:22:06 +, Signature-Inception: 15.12.2020, 22:20:04 +, KeyTag 47293, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 47293 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 23590, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 63228, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner lazysoftware.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 23590, Signer-Name: lazysoftware.fr
|
|
|
|
|
| RRSIG-Owner lazysoftware.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 23590 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 63228 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 23590, DigestType 2 and Digest "zglMtEEifCWGi2yny0RwhmUBagQVoPZ+jzwlDOchHj8=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.143.45.219
Validated: RRSIG-Owner lazysoftware.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: 1|www.lazysoftware.fr
Validated: RRSIG-Owner lazysoftware.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 32773|issueletsencrypt.org
Validated: RRSIG-Owner lazysoftware.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "p53h2n8t8aga232to1kv0pv5v7mb6qf9" equal the hashed NSEC3-owner "p53h2n8t8aga232to1kv0pv5v7mb6qf9" and the hashed NextOwner "071n8j2k95bsju0gfdte5oe53k3rqvkg". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner p53h2n8t8aga232to1kv0pv5v7mb6qf9.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "p53h2n8t8aga232to1kv0pv5v7mb6qf9" equal the hashed NSEC3-owner "p53h2n8t8aga232to1kv0pv5v7mb6qf9" and the hashed NextOwner "071n8j2k95bsju0gfdte5oe53k3rqvkg". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner p53h2n8t8aga232to1kv0pv5v7mb6qf9.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.lazysoftware.fr) sends a valid NSEC3 RR as result with the hashed owner name "7jdd261qnlpeo48atmolp6nrbraqhgo8" (unhashed: _tcp.lazysoftware.fr). So that's the Closest Encloser of the query name.
Bitmap: No Bitmap? Validated: RRSIG-Owner 7jdd261qnlpeo48atmolp6nrbraqhgo8.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "qsgpmr3pufkcsqh3806ljcr9n08bc9p8" (unhashed: *._tcp.lazysoftware.fr) with the owner "p53h2n8t8aga232to1kv0pv5v7mb6qf9" and the NextOwner "071n8j2k95bsju0gfdte5oe53k3rqvkg". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner p53h2n8t8aga232to1kv0pv5v7mb6qf9.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.lazysoftware.fr) sends a valid NSEC3 RR as result with the hashed query name "1or6imatv356lmd089ftfij9jisev8kk" between the hashed NSEC3-owner "071n8j2k95bsju0gfdte5oe53k3rqvkg" and the hashed NextOwner "3vrv54q0s5uufo8srn7icoolfvaa0jbr". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 071n8j2k95bsju0gfdte5oe53k3rqvkg.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
Zone: www.lazysoftware.fr
|
|
www.lazysoftware.fr
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "aplrvq0nb6tdg1gpku18ta6kc32h6a86" between the hashed NSEC3-owner "aplrvq0nb6tdg1gpku18ta6kc32h6a86" and the hashed NextOwner "f6q1kmud7uj75foova6o36u535mfpng8". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner aplrvq0nb6tdg1gpku18ta6kc32h6a86.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.143.45.219
Validated: RRSIG-Owner www.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: 3|welcome
Validated: RRSIG-Owner www.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "aplrvq0nb6tdg1gpku18ta6kc32h6a86" equal the hashed NSEC3-owner "aplrvq0nb6tdg1gpku18ta6kc32h6a86" and the hashed NextOwner "f6q1kmud7uj75foova6o36u535mfpng8". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner aplrvq0nb6tdg1gpku18ta6kc32h6a86.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "aplrvq0nb6tdg1gpku18ta6kc32h6a86" equal the hashed NSEC3-owner "aplrvq0nb6tdg1gpku18ta6kc32h6a86" and the hashed NextOwner "f6q1kmud7uj75foova6o36u535mfpng8". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner aplrvq0nb6tdg1gpku18ta6kc32h6a86.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.lazysoftware.fr) sends a valid NSEC3 RR as result with the hashed owner name "aplrvq0nb6tdg1gpku18ta6kc32h6a86" (unhashed: www.lazysoftware.fr). So that's the Closest Encloser of the query name. TLSA-Query (_443._tcp.www.lazysoftware.fr) sends a valid NSEC3 RR as result with the hashed query name "e6fhab5ejnj3opl22fi5n6h24078rkkc" between the hashed NSEC3-owner "aplrvq0nb6tdg1gpku18ta6kc32h6a86" and the hashed NextOwner "f6q1kmud7uj75foova6o36u535mfpng8". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner aplrvq0nb6tdg1gpku18ta6kc32h6a86.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "2vi4de8osdlrfatgo24fc9ck5kqrvhv0" (unhashed: _tcp.www.lazysoftware.fr) with the owner "071n8j2k95bsju0gfdte5oe53k3rqvkg" and the NextOwner "3vrv54q0s5uufo8srn7icoolfvaa0jbr". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 071n8j2k95bsju0gfdte5oe53k3rqvkg.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "hb0c426mfoclojp8etf3tc0mcc0nbtk8" (unhashed: *.www.lazysoftware.fr) with the owner "f6q1kmud7uj75foova6o36u535mfpng8" and the NextOwner "kb97l64ua3mf9ppbqu5du3i24f2j128a". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: SRV, RRSIG Validated: RRSIG-Owner f6q1kmud7uj75foova6o36u535mfpng8.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "aplrvq0nb6tdg1gpku18ta6kc32h6a86" equal the hashed NSEC3-owner "aplrvq0nb6tdg1gpku18ta6kc32h6a86" and the hashed NextOwner "f6q1kmud7uj75foova6o36u535mfpng8". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner aplrvq0nb6tdg1gpku18ta6kc32h6a86.lazysoftware.fr., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 21.01.2021, 00:13:00 +, Signature-Inception: 22.12.2020, 00:13:00 +, KeyTag 63228, Signer-Name: lazysoftware.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|