Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 33853, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 48903, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.04.2020, 00:00:00 +, Signature-Inception: 21.03.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ch
|
|
ch
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 13.04.2020, 05:00:00 +, Signature-Inception: 31.03.2020, 04:00:00 +, KeyTag 33853, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 33853 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 18757, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 51409, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 55966, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 30.04.2020, 10:09:09 +, Signature-Inception: 15.03.2020, 09:09:09 +, KeyTag 55966, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 55966 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 55966, DigestType 2 and Digest "zrR5QW5O/XcIAENL4SReGxDUzwGCVcEdhUTESPoDKzI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: migrosbank.ch
|
|
migrosbank.ch
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner migrosbank.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.04.2020, 15:30:58 +, Signature-Inception: 19.03.2020, 15:01:16 +, KeyTag 18757, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 18757 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 32944, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 50197, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner migrosbank.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.04.2020, 13:22:22 +, Signature-Inception: 25.03.2020, 11:52:22 +, KeyTag 32944, Signer-Name: migrosbank.ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 32944 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 32944, DigestType 2 and Digest "Z9J/Il1bBLqBV7RtvDqg+4VfKVHdm9ZVGkIhzuuli6I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 159.179.169.15
Validated: RRSIG-Owner migrosbank.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.04.2020, 13:22:22 +, Signature-Inception: 25.03.2020, 11:52:22 +, KeyTag 50197, Signer-Name: migrosbank.ch
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: MS=ms66830616
MS=B32C090CD5A81AB3CDDC0E2E99CE07E40F9E16AC
docusign=99972819-783a-4814-8516-a6b68f4201f4
docusign=d12dcc5f-b031-455b-b799-a883ae9e4dd4
facebook-domain-verification=lq62pc8vk8cavacgab1rhozj3i6eem
adobe-idp-site-verification=ab961429-d28c-4279-b0cd-5be6f3cfdb5d
v=spf1 ip4:159.179.169.132 ip4:159.179.169.133 ip4:146.67.146.0/24 ip4:54.229.54.45 ip4:185.238.12.20 ip4:185.238.12.21 ip4:93.190.78.23 -all
Validated: RRSIG-Owner migrosbank.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.04.2020, 16:01:23 +, Signature-Inception: 25.03.2020, 14:31:23 +, KeyTag 50197, Signer-Name: migrosbank.ch
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|issuedigicert.com
5|issueswisssign.com
9|issuewild;
Validated: RRSIG-Owner migrosbank.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 08.04.2020, 13:22:22 +, Signature-Inception: 25.03.2020, 11:52:22 +, KeyTag 50197, Signer-Name: migrosbank.ch
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CDS, CDNSKEY, CAA
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CDS, CDNSKEY, CAA
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: No Bitmap?
|
|
|
Zone: www.migrosbank.ch
|
|
www.migrosbank.ch
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "0v8j2b2ajp7l6jh02vkdus3iqreqt7i7" between the hashed NSEC3-owner "0v8j2b2ajp7l6jh02vkdus3iqreqt7i7" and the hashed NextOwner "1csdbfh4i9n0ii0k1odo7d4o4cgmjav4". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner 0v8j2b2ajp7l6jh02vkdus3iqreqt7i7.migrosbank.ch., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 08.04.2020, 13:22:22 +, Signature-Inception: 25.03.2020, 11:52:22 +, KeyTag 50197, Signer-Name: migrosbank.ch
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 159.179.169.15
Validated: RRSIG-Owner www.migrosbank.ch., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 08.04.2020, 13:22:22 +, Signature-Inception: 25.03.2020, 11:52:22 +, KeyTag 50197, Signer-Name: migrosbank.ch
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2020-04-08 13:22:22 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, RRSIG
|