Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22545, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59944, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.10.2019, 00:00:00 +, Signature-Inception: 01.10.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: me
|
|
me
| 2 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner me., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 20.10.2019, 11:00:00 +, Signature-Inception: 07.10.2019, 10:00:00 +, KeyTag 22545, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 22545 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 4 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 2569, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 13289, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 41612, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 53233, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 3 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner me., Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 22.10.2019, 15:18:23 +, Signature-Inception: 01.10.2019, 14:18:23 +, KeyTag 2569, Signer-Name: me
|
|
|
|
|
| RRSIG-Owner me., Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 22.10.2019, 15:18:23 +, Signature-Inception: 01.10.2019, 14:18:23 +, KeyTag 13289, Signer-Name: me
|
|
|
|
|
| RRSIG-Owner me., Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 22.10.2019, 15:18:23 +, Signature-Inception: 01.10.2019, 14:18:23 +, KeyTag 53233, Signer-Name: me
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 2569 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 13289 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 53233 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 2569, DigestType 1 and Digest "CboetNIEAmIIgf2YSJlEF4ANsmo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 2569, DigestType 2 and Digest "lOeYEG8DNQDmdWexl66RMsDpFnZNx0PFWp7KPHv1WeI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ydeal.me
|
|
ydeal.me
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "2b8udspatcimabm7pm52pvq4g5ehkap7" between the hashed NSEC3-owner "2b76t3mf7p0js7mfk141fs54fpcnecv7" and the hashed NextOwner "2b9e8d61us0vgi4uutejj009c7h2mlho". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner 2b76t3mf7p0js7mfk141fs54fpcnecv7.me., Algorithm: 7, 2 Labels, original TTL: 8400 sec, Signature-expiration: 22.10.2019, 15:18:23 +, Signature-Inception: 01.10.2019, 14:18:23 +, KeyTag 13289, Signer-Name: me
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 208, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 52052, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner ydeal.me., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2019, 15:55:32 +, Signature-Inception: 04.10.2019, 15:55:32 +, KeyTag 208, Signer-Name: ydeal.me
|
|
|
|
|
| RRSIG-Owner ydeal.me., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2019, 15:55:32 +, Signature-Inception: 04.10.2019, 15:55:32 +, KeyTag 52052, Signer-Name: ydeal.me
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 208 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 52052 used to validate the DNSKEY RRSet
|
|
|
|
|
| Error: DNSKEY 208 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
|
|
| Error: DNSKEY 52052 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
Zone: mail.ydeal.me
|
|
mail.ydeal.me
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "e549m558lkr6hapmpkbv23lo57u9abp3" between the hashed NSEC3-owner "e549m558lkr6hapmpkbv23lo57u9abp3" and the hashed NextOwner "egnns8jak8ga74q927gotgv0lai49uu9". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, TXT, RRSIG Validated: RRSIG-Owner e549m558lkr6hapmpkbv23lo57u9abp3.ydeal.me., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2019, 15:55:32 +, Signature-Inception: 04.10.2019, 15:55:32 +, KeyTag 52052, Signer-Name: ydeal.me
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 176.31.104.161
Validated: RRSIG-Owner mail.ydeal.me., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2019, 15:55:32 +, Signature-Inception: 04.10.2019, 15:55:32 +, KeyTag 52052, Signer-Name: ydeal.me
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 ip4:176.31.104.161 -all
Validated: RRSIG-Owner mail.ydeal.me., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2019, 15:55:32 +, Signature-Inception: 04.10.2019, 15:55:32 +, KeyTag 52052, Signer-Name: ydeal.me
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-03 15:55:32 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, TXT, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-03 15:55:32 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, TXT, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-03 15:55:32 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-03 15:55:32 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, TXT, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-03 15:55:32 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, TXT, RRSIG
|
|
|
Zone: www.mail.ydeal.me
|
|
www.mail.ydeal.me
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "d1fas6igjg9kr11cdclnh1fv79f5g947" between the hashed NSEC3-owner "cgep29rq0nh16mjifr6n0g2glcaer804" and the hashed NextOwner "df6ora9rer468b9sof4oro3k6kvhaj3q". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner cgep29rq0nh16mjifr6n0g2glcaer804.ydeal.me., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.11.2019, 15:55:32 +, Signature-Inception: 04.10.2019, 15:55:32 +, KeyTag 52052, Signer-Name: ydeal.me
|