Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 61050, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.12.2024, 00:00:00 +, Signature-Inception: 20.11.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: nz
|
|
nz
| 2 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 934, DigestType 2 and Digest nVjxYnwTUEPyyxLfIFRcU/AvG7eOftViyAIITftnLi4=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 39170, DigestType 2 and Digest rbghTM+Q1akn4nGXy22uBmgjWKslc1gHw8182VuqEfc=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner nz., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 12.12.2024, 17:00:00 +, Signature-Inception: 29.11.2024, 16:00:00 +, KeyTag 61050, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 61050 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 5 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 934, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 39170, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 51301, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 57220, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59319, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner nz., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 12.12.2024, 12:18:20 +, Signature-Inception: 27.11.2024, 21:53:49 +, KeyTag 934, Signer-Name: nz
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 934 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 934, DigestType 2 and Digest "nVjxYnwTUEPyyxLfIFRcU/AvG7eOftViyAIITftnLi4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: neemo.nz
|
|
neemo.nz
| 2 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 4209, DigestType 2 and Digest o5Cwok3RW4QBNXMp31rhgGn63jjZppNyeOGYa0fYPSM=
|
|
|
|
|
| DS with Algorithm 8, KeyTag 12154, DigestType 2 and Digest PP6H3hkhXUhwkXppkR7bXQe+68r4Z0cvmT3nt6+mSzA=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner neemo.nz., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 13.12.2024, 19:47:42 +, Signature-Inception: 27.11.2024, 21:53:49 +, KeyTag 57220, Signer-Name: nz
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57220 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 5028, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 12154, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 39453, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner neemo.nz., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| RRSIG-Owner neemo.nz., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 12154, Signer-Name: neemo.nz
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5028 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 12154 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 12154, DigestType 2 and Digest "PP6H3hkhXUhwkXppkR7bXQe+68r4Z0cvmT3nt6+mSzA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 119.224.65.91
Validated: RRSIG-Owner neemo.nz., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:neemoserver@gmail.com
5|issueletsencrypt.org
Validated: RRSIG-Owner neemo.nz., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "r1tosh2rnasjvtf4prdso4kk0cvi0ehq" equal the hashed NSEC3-owner "r1tosh2rnasjvtf4prdso4kk0cvi0ehq" and the hashed NextOwner "u8m5gafd08s9t12271udeuapvjfsr9u6". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner r1tosh2rnasjvtf4prdso4kk0cvi0ehq.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "r1tosh2rnasjvtf4prdso4kk0cvi0ehq" equal the hashed NSEC3-owner "r1tosh2rnasjvtf4prdso4kk0cvi0ehq" and the hashed NextOwner "u8m5gafd08s9t12271udeuapvjfsr9u6". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner r1tosh2rnasjvtf4prdso4kk0cvi0ehq.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "r1tosh2rnasjvtf4prdso4kk0cvi0ehq" equal the hashed NSEC3-owner "r1tosh2rnasjvtf4prdso4kk0cvi0ehq" and the hashed NextOwner "u8m5gafd08s9t12271udeuapvjfsr9u6". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner r1tosh2rnasjvtf4prdso4kk0cvi0ehq.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.neemo.nz) sends a valid NSEC3 RR as result with the hashed owner name "r1tosh2rnasjvtf4prdso4kk0cvi0ehq" (unhashed: neemo.nz). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner r1tosh2rnasjvtf4prdso4kk0cvi0ehq.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "ekbp83stpue6kih1nukiu2tstbpnvvr7" (unhashed: _tcp.neemo.nz) with the owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: A, RRSIG Validated: RRSIG-Owner dong2t5eva9rqgedmhe8hg09r9i43q6e.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result with the hashed owner name "u8m5gafd08s9t12271udeuapvjfsr9u6" (unhashed: *.neemo.nz) as the Wildcard-Expansion of the Closest Encloser of the query name "qsmcd72caaf0vftkt551qm6j9neespcn". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner u8m5gafd08s9t12271udeuapvjfsr9u6.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.neemo.nz
|
|
www.neemo.nz
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "dong2t5eva9rqgedmhe8hg09r9i43q6e" between the hashed NSEC3-owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the hashed NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner dong2t5eva9rqgedmhe8hg09r9i43q6e.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 119.224.65.91
Validated: RRSIG-Owner www.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "dong2t5eva9rqgedmhe8hg09r9i43q6e" equal the hashed NSEC3-owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the hashed NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner dong2t5eva9rqgedmhe8hg09r9i43q6e.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "dong2t5eva9rqgedmhe8hg09r9i43q6e" equal the hashed NSEC3-owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the hashed NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner dong2t5eva9rqgedmhe8hg09r9i43q6e.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "dong2t5eva9rqgedmhe8hg09r9i43q6e" equal the hashed NSEC3-owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the hashed NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner dong2t5eva9rqgedmhe8hg09r9i43q6e.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.neemo.nz) sends a valid NSEC3 RR as result with the hashed owner name "dong2t5eva9rqgedmhe8hg09r9i43q6e" (unhashed: www.neemo.nz). So that's the Closest Encloser of the query name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "j8uih94dsphftch2hchckfkjiflgsrql" (unhashed: _tcp.www.neemo.nz) with the owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "hflfidnib67trb747gg6fhop8upbrukr" (unhashed: *.www.neemo.nz) with the owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, RRSIG Validated: RRSIG-Owner dong2t5eva9rqgedmhe8hg09r9i43q6e.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "dong2t5eva9rqgedmhe8hg09r9i43q6e" equal the hashed NSEC3-owner "dong2t5eva9rqgedmhe8hg09r9i43q6e" and the hashed NextOwner "mlln1p725vpc5l2qmrvkip0hdgq5m56e". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner dong2t5eva9rqgedmhe8hg09r9i43q6e.neemo.nz., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 29.12.2024, 19:44:52 +, Signature-Inception: 29.11.2024, 18:44:52 +, KeyTag 5028, Signer-Name: neemo.nz
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|