Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46594, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.08.2020, 00:00:00 +, Signature-Inception: 11.07.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: org
|
|
org
| 2 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 7, KeyTag 17883, DigestType 1 and Digest OMXPk7Npx1V+BRX6qlcGDxv7EsE=
|
|
|
|
|
| DS with Algorithm 7, KeyTag 17883, DigestType 2 and Digest 2InK15DwGXnoYNZie1j4WrVU4OSR/gZRXzVUjR605u4=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.07.2020, 05:00:00 +, Signature-Inception: 14.07.2020, 04:00:00 +, KeyTag 46594, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46594 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 17883, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 21869, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 27353, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner org., Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 30.07.2020, 15:25:41 +, Signature-Inception: 09.07.2020, 14:25:41 +, KeyTag 17883, Signer-Name: org
|
|
|
|
|
| RRSIG-Owner org., Algorithm: 7, 1 Labels, original TTL: 900 sec, Signature-expiration: 30.07.2020, 15:25:41 +, Signature-Inception: 09.07.2020, 14:25:41 +, KeyTag 27353, Signer-Name: org
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 17883 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 27353 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 17883, DigestType 1 and Digest "OMXPk7Npx1V+BRX6qlcGDxv7EsE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 17883, DigestType 2 and Digest "2InK15DwGXnoYNZie1j4WrVU4OSR/gZRXzVUjR605u4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: mphillips.org
|
|
mphillips.org
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest 30rmfqz9GU2JhhITr8ihaFCWB5To5gPcAZrEUAecJ1Y=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner mphillips.org., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 30.07.2020, 15:25:41 +, Signature-Inception: 09.07.2020, 14:25:41 +, KeyTag 27353, Signer-Name: org
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 27353 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner mphillips.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 07.08.2020, 11:07:39 +, Signature-Inception: 08.06.2020, 11:07:39 +, KeyTag 2371, Signer-Name: mphillips.org
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "30rmfqz9GU2JhhITr8ihaFCWB5To5gPcAZrEUAecJ1Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 37.157.51.81
Validated: RRSIG-Owner mphillips.org., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 15.07.2020, 09:42:14 +, Signature-Inception: 13.07.2020, 07:42:14 +, KeyTag 34505, Signer-Name: mphillips.org
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|issueletsencrypt.org
9|issuewildletsencrypt.org
Validated: RRSIG-Owner mphillips.org., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 15.07.2020, 09:42:14 +, Signature-Inception: 13.07.2020, 07:42:14 +, KeyTag 34505, Signer-Name: mphillips.org
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "mphillips.org" equal the NSEC-owner "mphillips.org" and the NextOwner "\000.mphillips.org". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, HIP, CDS, CDNSKEY, 61, 99, CAA Validated: RRSIG-Owner mphillips.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.07.2020, 09:42:14 +, Signature-Inception: 13.07.2020, 07:42:14 +, KeyTag 34505, Signer-Name: mphillips.org
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "mphillips.org" equal the NSEC-owner "mphillips.org" and the NextOwner "\000.mphillips.org". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, HIP, CDS, CDNSKEY, 61, 99, CAA Validated: RRSIG-Owner mphillips.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.07.2020, 09:42:14 +, Signature-Inception: 13.07.2020, 07:42:14 +, KeyTag 34505, Signer-Name: mphillips.org
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "mphillips.org" equal the NSEC-owner "mphillips.org" and the NextOwner "\000.mphillips.org". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, HIP, CDS, CDNSKEY, 61, 99, CAA Validated: RRSIG-Owner mphillips.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 15.07.2020, 09:42:14 +, Signature-Inception: 13.07.2020, 07:42:14 +, KeyTag 34505, Signer-Name: mphillips.org
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.mphillips.org) sends a valid NSEC RR as result with the query name "_443._tcp.mphillips.org" equal the NSEC-owner "_443._tcp.mphillips.org" and the NextOwner "\000._443._tcp.mphillips.org". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC Validated: RRSIG-Owner _443._tcp.mphillips.org., Algorithm: 13, 4 Labels, original TTL: 3600 sec, Signature-expiration: 15.07.2020, 09:42:14 +, Signature-Inception: 13.07.2020, 07:42:14 +, KeyTag 34505, Signer-Name: mphillips.org
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.mphillips.org
|
|
www.mphillips.org
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.mphillips.org" and the NextOwner "\000.www.mphillips.org". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, CERT, SSHFP, RRSIG, NSEC, TLSA, HIP, 61, 99, CAA
|
|
|
|
|
| RRSIG Type 5 validates the CNAME - Result: mphillips.org
Validated: RRSIG-Owner www.mphillips.org., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 15.07.2020, 09:42:14 +, Signature-Inception: 13.07.2020, 07:42:14 +, KeyTag 34505, Signer-Name: mphillips.org
|