Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26470, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61050, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.01.2025, 00:00:00 +, Signature-Inception: 01.01.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: nl
|
|
nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 17153, DigestType 2 and Digest xd/dyR51MlYqNfPCzTCCOJS+CPIBAfGr9FyKuXOfP0k=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 17:00:00 +, Signature-Inception: 10.01.2025, 16:00:00 +, KeyTag 26470, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 17153, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 48480, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 13, 1 Labels, original TTL: 3600 sec, Signature-expiration: 22.01.2025, 00:43:39 +, Signature-Inception: 08.01.2025, 04:07:21 +, KeyTag 17153, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 17153 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 17153, DigestType 2 and Digest "xd/dyR51MlYqNfPCzTCCOJS+CPIBAfGr9FyKuXOfP0k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: meneer-punt.nl
|
|
meneer-punt.nl
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "m5l0qhcinmqt7ffkh36b8v4a76t42q1g" between the hashed NSEC3-owner "m5l0qhcinmqt7ffkh36b8v4a76t42q1g" and the hashed NextOwner "m5l0to3652ppvi2e9mo6pjvili838gu1". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: No Bitmap? Validated: RRSIG-Owner m5l0qhcinmqt7ffkh36b8v4a76t42q1g.nl., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 20.01.2025, 05:37:03 +, Signature-Inception: 05.01.2025, 21:07:26 +, KeyTag 48480, Signer-Name: nl
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 56986, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner meneer-punt.nl., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 56986 used to validate the DNSKEY RRSet
|
|
|
|
|
| Error: DNSKEY 56986 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 141.144.194.199
Validated: RRSIG-Owner meneer-punt.nl., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 include:icloud.com include:spf.sqr.nl -all
Validated: RRSIG-Owner meneer-punt.nl., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "meneer-punt.nl" equal the NSEC-owner "meneer-punt.nl" and the NextOwner "_dmarc.meneer-punt.nl". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner meneer-punt.nl., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "meneer-punt.nl" equal the NSEC-owner "meneer-punt.nl" and the NextOwner "_dmarc.meneer-punt.nl". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner meneer-punt.nl., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.meneer-punt.nl) sends a valid NSEC RR as result with the owner name meneer-punt.nl. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "meneer-punt.nl" and the NextOwner "_dmarc.meneer-punt.nl". So that NSEC confirms the not-existence of the Wildcard expansion.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner meneer-punt.nl., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.meneer-punt.nl) sends a valid NSEC RR as result with the query name "_443._tcp.meneer-punt.nl" between the NSEC-owner "_dmarc.meneer-punt.nl" and the NextOwner "www.meneer-punt.nl". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.meneer-punt.nl) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.meneer-punt.nl" between the NSEC-owner "_dmarc.meneer-punt.nl" and the NextOwner "www.meneer-punt.nl". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: TXT, RRSIG, NSEC Validated: RRSIG-Owner _dmarc.meneer-punt.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "meneer-punt.nl" equal the NSEC-owner "meneer-punt.nl" and the NextOwner "_dmarc.meneer-punt.nl". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY Validated: RRSIG-Owner meneer-punt.nl., Algorithm: 13, 2 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.meneer-punt.nl
|
|
www.meneer-punt.nl
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 141.144.194.199
Validated: RRSIG-Owner www.meneer-punt.nl., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "www.meneer-punt.nl" equal the NSEC-owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.meneer-punt.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "www.meneer-punt.nl" equal the NSEC-owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.meneer-punt.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "www.meneer-punt.nl" equal the NSEC-owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.meneer-punt.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.meneer-punt.nl) sends a valid NSEC RR as result with the owner name www.meneer-punt.nl. So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC RR as result and covers the Wildcard expansion of the ClosestEncloser with the owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So that NSEC confirms the not-existence of the Wildcard expansion. TLSA-Query (_443._tcp.www.meneer-punt.nl) sends a valid NSEC RR as result with the query name "_443._tcp.www.meneer-punt.nl" between the NSEC-owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So the zone confirmes the not-existence of that TLSA RR.TLSA-Query (_443._tcp.www.meneer-punt.nl) sends a valid NSEC RR as result with the parent Wildcard "*._tcp.www.meneer-punt.nl" between the NSEC-owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So the zone confirmes the not-existence of that Wildcard-expansion.
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.meneer-punt.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "www.meneer-punt.nl" equal the NSEC-owner "www.meneer-punt.nl" and the NextOwner "meneer-punt.nl". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG, NSEC Validated: RRSIG-Owner www.meneer-punt.nl., Algorithm: 13, 3 Labels, original TTL: 86400 sec, Signature-expiration: 23.01.2025, 00:00:00 +, Signature-Inception: 02.01.2025, 00:00:00 +, KeyTag 56986, Signer-Name: meneer-punt.nl
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|