Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 14748, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.11.2021, 00:00:00 +, Signature-Inception: 21.10.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: systems
|
|
systems
| 3 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 535, DigestType 1 and Digest YPTIAsm5gU7TdbF+RA0ng8QkObk=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 535, DigestType 2 and Digest HMhKzHgGS9XD/5pTk5H2wiTCI2uT0xRZfu2FG28V9tE=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 9634, DigestType 2 and Digest pF9gQYR2IreiTgtBrqG7wuYY6VLiVVIGd2KV7cye930=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner systems., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 07.11.2021, 17:00:00 +, Signature-Inception: 25.10.2021, 16:00:00 +, KeyTag 14748, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14748 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 4 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 535, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 8985, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 9634, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61065, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner systems., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 15.11.2021, 15:44:21 +, Signature-Inception: 25.10.2021, 14:44:21 +, KeyTag 9634, Signer-Name: systems
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 9634 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 9634, DigestType 2 and Digest "pF9gQYR2IreiTgtBrqG7wuYY6VLiVVIGd2KV7cye930=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: maker.systems
|
|
maker.systems
| 3 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 62376, DigestType 1 and Digest iJCUxB2XwJAUgICA3SJ/4WvIa1Q=
|
|
|
|
|
| DS with Algorithm 13, KeyTag 62376, DigestType 2 and Digest zZp2R1lWO+lXnlZQ+WZbcxKvZXI3bnRxR56q+S+y0J8=
|
|
|
|
|
| DS with Algorithm 13, KeyTag 62376, DigestType 4 and Digest +Vem6mFCiw+1IHX5BFw2jF3tEZNTVKMWz1hFw5FCyyV2ZXbNebBXmuDeJsT92XUd
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner maker.systems., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.11.2021, 15:44:21 +, Signature-Inception: 25.10.2021, 14:44:21 +, KeyTag 8985, Signer-Name: systems
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 8985 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 62376, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner maker.systems., Algorithm: 13, 2 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 62376 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 62376, DigestType 1 and Digest "iJCUxB2XwJAUgICA3SJ/4WvIa1Q=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 62376, DigestType 2 and Digest "zZp2R1lWO+lXnlZQ+WZbcxKvZXI3bnRxR56q+S+y0J8=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 62376, DigestType 4 and Digest "+Vem6mFCiw+1IHX5BFw2jF3tEZNTVKMWz1hFw5FCyyV2ZXbNebBXmuDeJsT92XUd" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 83.137.145.159
Validated: RRSIG-Owner maker.systems., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 include:_spf.exsilia.net -all
Validated: RRSIG-Owner maker.systems., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A01:01B0:7999:0402:0000:0000:0000:0159
Validated: RRSIG-Owner maker.systems., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefhttps://svangool.report-uri.com/r/d/csp/enforce
5|issueletsencrypt.org
Validated: RRSIG-Owner maker.systems., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "penq6oh4vdqhs46npbjr3g4gtq158q5u" equal the hashed NSEC3-owner "penq6oh4vdqhs46npbjr3g4gtq158q5u" and the hashed NextOwner "up210qrlu2tf42ekr20ud7ohroth7uu5". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner penq6oh4vdqhs46npbjr3g4gtq158q5u.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.maker.systems) sends a valid NSEC3 RR as result with the hashed owner name "penq6oh4vdqhs46npbjr3g4gtq158q5u" (unhashed: maker.systems). So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "rmuj0a7ch4ovq1npqq165bhfvcshntp6" (unhashed: *.maker.systems) with the owner "penq6oh4vdqhs46npbjr3g4gtq158q5u" and the NextOwner "up210qrlu2tf42ekr20ud7ohroth7uu5". So that NSEC3 confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.maker.systems) sends a valid NSEC3 RR as result with the hashed query name "sjg2mnbblr839jolghb0bolr0dn81lj9" between the hashed NSEC3-owner "penq6oh4vdqhs46npbjr3g4gtq158q5u" and the hashed NextOwner "up210qrlu2tf42ekr20ud7ohroth7uu5". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner penq6oh4vdqhs46npbjr3g4gtq158q5u.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "fpp6fe7mrcsmrfs24fbg4m315esgeq6s" (unhashed: _tcp.maker.systems) with the owner "8d8g042rtsrv0garg8oefn7lu1ht70rh" and the NextOwner "id95sm2curj2td24iq833s64co26o8fm". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner 8d8g042rtsrv0garg8oefn7lu1ht70rh.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
Zone: www.maker.systems
|
|
www.maker.systems
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "0h61ecukqkudhjt65hp30kj1slfo3ci5" between the hashed NSEC3-owner "0h61ecukqkudhjt65hp30kj1slfo3ci5" and the hashed NextOwner "1biufclmja5nmqopndk4vqlktni5oh31". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 0h61ecukqkudhjt65hp30kj1slfo3ci5.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 83.137.145.159
Validated: RRSIG-Owner www.maker.systems., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A01:01B0:7999:0402:0000:0000:0000:0159
Validated: RRSIG-Owner www.maker.systems., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "0h61ecukqkudhjt65hp30kj1slfo3ci5" equal the hashed NSEC3-owner "0h61ecukqkudhjt65hp30kj1slfo3ci5" and the hashed NextOwner "1biufclmja5nmqopndk4vqlktni5oh31". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 0h61ecukqkudhjt65hp30kj1slfo3ci5.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "0h61ecukqkudhjt65hp30kj1slfo3ci5" equal the hashed NSEC3-owner "0h61ecukqkudhjt65hp30kj1slfo3ci5" and the hashed NextOwner "1biufclmja5nmqopndk4vqlktni5oh31". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 0h61ecukqkudhjt65hp30kj1slfo3ci5.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.maker.systems) sends a valid NSEC3 RR as result with the hashed owner name "0h61ecukqkudhjt65hp30kj1slfo3ci5" (unhashed: www.maker.systems). So that's the Closest Encloser of the query name.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 0h61ecukqkudhjt65hp30kj1slfo3ci5.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "dmsb2eb1m5gpb34d4vsg87rsasp9uk3p" (unhashed: _tcp.www.maker.systems) with the owner "8d8g042rtsrv0garg8oefn7lu1ht70rh" and the NextOwner "id95sm2curj2td24iq833s64co26o8fm". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner 8d8g042rtsrv0garg8oefn7lu1ht70rh.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "lu050866ot6uvnp2rjokrk9ngcee4ttj" (unhashed: *.www.maker.systems) with the owner "id95sm2curj2td24iq833s64co26o8fm" and the NextOwner "penq6oh4vdqhs46npbjr3g4gtq158q5u". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner id95sm2curj2td24iq833s64co26o8fm.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "0h61ecukqkudhjt65hp30kj1slfo3ci5" equal the hashed NSEC3-owner "0h61ecukqkudhjt65hp30kj1slfo3ci5" and the hashed NextOwner "1biufclmja5nmqopndk4vqlktni5oh31". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 0h61ecukqkudhjt65hp30kj1slfo3ci5.maker.systems., Algorithm: 13, 3 Labels, original TTL: 10800 sec, Signature-expiration: 04.11.2021, 00:00:00 +, Signature-Inception: 14.10.2021, 00:00:00 +, KeyTag 62376, Signer-Name: maker.systems
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|