Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22545, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.11.2019, 00:00:00 +, Signature-Inception: 11.10.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: gov
|
|
gov
| 2 DS RR in the parent zone found
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.10.2019, 17:00:00 +, Signature-Inception: 11.10.2019, 16:00:00 +, KeyTag 22545, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 22545 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 7698, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 7877, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 32795, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 19.10.2019, 21:47:31 +, Signature-Inception: 04.10.2019, 21:42:31 +, KeyTag 7698, Signer-Name: gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7698 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 1 and Digest "bxCbRqgM6pYT3IbVo+BlUgUFqv4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 2 and Digest "a8lJ5jhELq0L2vCTV2PI0AN2A4T/Feu9XOhrtVWVYfA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: usa.gov
|
|
usa.gov
| 2 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner usa.gov., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.10.2019, 16:10:07 +, Signature-Inception: 11.10.2019, 16:10:07 +, KeyTag 7877, Signer-Name: gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7877 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 6078, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 7474, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 56804, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 3 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner usa.gov., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 10.11.2019, 16:39:29 +, Signature-Inception: 11.10.2019, 16:34:29 +, KeyTag 6078, Signer-Name: usa.gov
|
|
|
|
|
| RRSIG-Owner usa.gov., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 10.11.2019, 16:39:29 +, Signature-Inception: 11.10.2019, 16:34:29 +, KeyTag 7474, Signer-Name: usa.gov
|
|
|
|
|
| RRSIG-Owner usa.gov., Algorithm: 8, 2 Labels, original TTL: 10800 sec, Signature-expiration: 10.11.2019, 16:39:29 +, Signature-Inception: 11.10.2019, 16:34:29 +, KeyTag 56804, Signer-Name: usa.gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 6078 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7474 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 56804 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 56804, DigestType 1 and Digest "ytPuWyhaLhguD7pcnLt5A7XnJDA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 56804, DigestType 2 and Digest "kpr7UICmgN6YdUNloGZjWDIRHc1KhPsd4L8s5NC1RTM=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: search.usa.gov
|
|
search.usa.gov
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "gjrbatrf8dc6do0usotj9mrofpfc5gr6" between the hashed NSEC3-owner "gjrbatrf8dc6do0usotj9mrofpfc5gr6" and the hashed NextOwner "gpcsi4inh71htco18dbsvsqpesmu8a3k". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: No Bitmap? Validated: RRSIG-Owner gjrbatrf8dc6do0usotj9mrofpfc5gr6.usa.gov., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.11.2019, 16:39:29 +, Signature-Inception: 11.10.2019, 16:34:29 +, KeyTag 6078, Signer-Name: usa.gov
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "gjrbatrf8dc6do0usotj9mrofpfc5gr6" between the hashed NSEC3-owner "gjrbatrf8dc6do0usotj9mrofpfc5gr6" and the hashed NextOwner "gpcsi4inh71htco18dbsvsqpesmu8a3k". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: No Bitmap? Validated: RRSIG-Owner gjrbatrf8dc6do0usotj9mrofpfc5gr6.usa.gov., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 10.11.2019, 16:39:29 +, Signature-Inception: 11.10.2019, 16:34:29 +, KeyTag 7474, Signer-Name: usa.gov
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: infr.search.usa.gov
|
|
infr.search.usa.gov
| 0 DS RR in the parent zone found
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: lets-encrypt.infr.search.usa.gov
|
|
lets-encrypt.infr.search.usa.gov
| 0 DS RR in the parent zone found
|
|
|
Zone: www.lets-encrypt.infr.search.usa.gov
|
|
www.lets-encrypt.infr.search.usa.gov
| 0 DS RR in the parent zone found
|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22545, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.11.2019, 00:00:00 +, Signature-Inception: 11.10.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: gov
|
|
gov
| 2 DS RR in the parent zone found
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 24.10.2019, 17:00:00 +, Signature-Inception: 11.10.2019, 16:00:00 +, KeyTag 22545, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 22545 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 7698, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 7877, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 32795, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner gov., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 19.10.2019, 21:47:31 +, Signature-Inception: 04.10.2019, 21:42:31 +, KeyTag 7698, Signer-Name: gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7698 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 1 and Digest "bxCbRqgM6pYT3IbVo+BlUgUFqv4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 2 and Digest "a8lJ5jhELq0L2vCTV2PI0AN2A4T/Feu9XOhrtVWVYfA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: search.gov
|
|
search.gov
| 2 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner search.gov., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.10.2019, 16:10:07 +, Signature-Inception: 11.10.2019, 16:10:07 +, KeyTag 7877, Signer-Name: gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7877 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 1578, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 19720, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 52398, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner search.gov., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 24.10.2019, 00:00:00 +, Signature-Inception: 03.10.2019, 00:00:00 +, KeyTag 19720, Signer-Name: search.gov
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 19720 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 19720, DigestType 1 and Digest "jRMb5x3NcQiU6nVEAaiaKxGXmBo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 19720, DigestType 2 and Digest "Ei5QYRNv9OBBF+KMxSU8UVPohbo1oz6Kp8otYXeaLKw=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: lets-encrypt.search.gov
|
|
lets-encrypt.search.gov
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "7thucrpjfq9uh569a182erd3ci9mgo9q" between the hashed NSEC3-owner "7thucrpjfq9uh569a182erd3ci9mgo9q" and the hashed NextOwner "82cnpi310ma4t1bbtjoe5rfcdod8d129". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner 7thucrpjfq9uh569a182erd3ci9mgo9q.search.gov., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 24.10.2019, 00:00:00 +, Signature-Inception: 03.10.2019, 00:00:00 +, KeyTag 1578, Signer-Name: search.gov
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 34.238.89.30
Validated: RRSIG-Owner lets-encrypt.search.gov., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 24.10.2019, 00:00:00 +, Signature-Inception: 03.10.2019, 00:00:00 +, KeyTag 1578, Signer-Name: search.gov
|
|
|
|
|
| RRSIG Type 50, expiration 2019-10-24 00:00:00 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-10-24 00:00:00 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-10-24 00:00:00 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-10-24 00:00:00 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-10-24 00:00:00 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, RRSIG
|