Shortcuts: Top | Url-Checks | Comments | Connections | Certificates | CT-Logs | Html-Content | CAA | TXT |


M

Misconfiguration - http-status 400 - 499

last check:
09.04.2019 20:05:37


Older results

HostTIP-Addressis auth.∑ Queries∑ Timeout
nino.lbl.gov
A
131.243.28.45
yes
1
0

AAAA

yes


www.nino.lbl.gov

Name Error
yes
1
0


Zone (*)DNSSEC - Informations (beta)
(root)
1 DS RR published

Status: Valid because published

3 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 16749, Flags 256

Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 25266, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2019, 00:00:00, Signature-Inception: 01.04.2019, 00:00:00, KeyTag 20326, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
gov
2 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.04.2019, 17:00:00, Signature-Inception: 09.04.2019, 16:00:00, KeyTag 25266, Signer-Name: (root)

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25266 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 8, KeyTag 7698, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 8, KeyTag 28157, Flags 256

1 RRSIG RR to validate DNSKEY RR found

Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.04.2019, 21:47:31, Signature-Inception: 07.04.2019, 21:42:31, KeyTag 7698, Signer-Name: gov

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 7698 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 1 and Digest "bxCbRqgM6pYT3IbVo+BlUgUFqv4=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 7698, DigestType 2 and Digest "a8lJ5jhELq0L2vCTV2PI0AN2A4T/Feu9XOhrtVWVYfA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
lbl.gov
2 DS RR in the parent zone found

1 RRSIG RR to validate DS RR found

Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 16.04.2019, 16:10:07, Signature-Inception: 09.04.2019, 16:10:07, KeyTag 28157, Signer-Name: gov

Status: Good - Algorithmus 8 and DNSKEY with KeyTag 28157 used to validate the DS RRSet in the parent zone

2 DNSKEY RR found

Public Key with Algorithm 7, KeyTag 33234, Flags 257 (SEP = Secure Entry Point)

Public Key with Algorithm 7, KeyTag 48167, Flags 256

2 RRSIG RR to validate DNSKEY RR found

Algorithm: 7, 2 Labels, original TTL: 43200 sec, Signature-expiration: 11.06.2019, 21:47:59, Signature-Inception: 13.03.2019, 20:47:59, KeyTag 33234, Signer-Name: lbl.gov

Algorithm: 7, 2 Labels, original TTL: 43200 sec, Signature-expiration: 11.06.2019, 21:47:59, Signature-Inception: 13.03.2019, 20:47:59, KeyTag 48167, Signer-Name: lbl.gov

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 33234 used to validate the DNSKEY RRSet

Status: Good - Algorithmus 7 and DNSKEY with KeyTag 48167 used to validate the DNSKEY RRSet

Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 33234, DigestType 1 and Digest "U5iCQieCrIHLm+yEeOxxauE0FKI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 33234, DigestType 2 and Digest "7nCaU9gKWZWeajd3ClEpP8mG+EQb8dwQ4N7mKOm+JPQ=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
nino.lbl.gov
0 DS RR in the parent zone found

0 DNSKEY RR found



RRSIG Type 1, expiration 2019-05-13 05:21:15 validates the A - Result: 131.243.28.45

RRSIG Type 16, expiration 2019-05-13 05:21:15 validates the TXT - Result: v=spf1 include:spfint.lbl.gov ~all

RRSIG Type 47, expiration 2019-05-13 05:21:15 validates the NSEC RR that proves the not-existence of the CNAME RR

RRSIG Type 47, expiration 2019-05-13 05:21:15 validates the NSEC RR that proves the not-existence of the AAAA RR

RRSIG Type 47, expiration 2019-05-13 05:21:15 validates the NSEC RR that proves the not-existence of the TLSA RR

RRSIG Type 47, expiration 2019-05-13 05:21:15 validates the NSEC RR that proves the not-existence of the CAA RR
www.nino.lbl.gov
0 DS RR in the parent zone found


DomainNameserverNS-IP
www.nino.lbl.gov
  nsx.lbl.gov

nino.lbl.gov
  nsx.lbl.gov
131.243.64.3

 
2620:83:8000:140::3
lbl.gov
  adns1.es.net


  adns2.es.net


  nsd.lbl.gov


  nsx.lbl.gov

gov
  a.gov-servers.net


  b.gov-servers.net


  c.gov-servers.net


  d.gov-servers.net



SOA - records (beta)

Domain:gov
Primary:a.gov-servers.net
Mail:nstld.verisign-grs.com
Serial:1554829801
Refresh:3600
Retry:900
Expire:1814400
TTL:86400
num Entries:4


Domain:lbl.gov
Primary:nsx.lbl.gov
Mail:hostmaster.nsx.lbl.gov
Serial:2019033081
Refresh:14400
Retry:1800
Expire:2419200
TTL:300
num Entries:4


Domain:nino.lbl.gov
Primary:nsx.lbl.gov
Mail:hostmaster.nsx.lbl.gov
Serial:2019033081
Refresh:14400
Retry:1800
Expire:2419200
TTL:300
num Entries:2



show header:
Domainname Http-StatusredirectSec.G
• http://nino.lbl.gov/
131.243.28.45
301
https://nino.lbl.gov/
0.337
A
Date: Tue, 09 Apr 2019 18:06:38 GMT
Server: Apache
Location: https://nino.lbl.gov/
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://nino.lbl.gov/
131.243.28.45
401

1.393
M
Unauthorized
Date: Tue, 09 Apr 2019 18:06:39 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
WWW-Authenticate: Basic realm="Berkeley SNO+ Wiki"
Content-Length: 381
Connection: close
Content-Type: text/html; charset=iso-8859-1

• http://nino.lbl.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
131.243.28.45
301
https://nino.lbl.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
0.336
A
Visible Content: Moved Permanently The document has moved here .
Date: Tue, 09 Apr 2019 18:06:40 GMT
Server: Apache
Location: https://nino.lbl.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1

• https://nino.lbl.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

200

1.387

Visible Content:
Date: Tue, 09 Apr 2019 18:06:41 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Tue, 09 Apr 2019 18:05:13 GMT
ETag: "0-5861ccb6c8b41"
Accept-Ranges: bytes
Content-Length: 0
Connection: close

Comments

Aname "nino.lbl.gov" is subdomain, public suffix is "gov", top-level-domain-type is "sponsored", tld-manager is "General Services Administration Attn: QTDC, 2E08 (.gov Domain Registration)"
Agood: All ip addresses are public addresses
Agood: No asked Authoritative Name Server had a timeout
ADNS: "Name Error" means: No www-dns-entry defined. This isn't a problem
Agood - only one version with Http-Status 200
Ahttp://nino.lbl.gov/ 131.243.28.45
301
https://nino.lbl.gov/
correct redirect http - https with the same domain name
Mhttps://nino.lbl.gov/ 131.243.28.45
401

Misconfiguration - main pages should never send http status 400 - 499
AGood: Nameserver supports TCP connections: 2 good Nameserver
AGood: Nameserver supports Echo Capitalization: 2 good Nameserver
AGood: Nameserver supports EDNS with max. 512 Byte Udp payload, message is smaller: 2 good Nameserver
AGood: Nameserver has passed 10 EDNS-Checks (OP100, FLAGS, V1, V1OP100, V1FLAGS, DNSSEC, V1DNSSEC, NSID, COOKIE, CLIENTSUBNET): 2 good Nameserver
Nameserver doesn't pass all EDNS-Checks: nsx.lbl.gov: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate
https://nino.lbl.gov/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
200

Warning: Not existing ACME-file, but Server sends 200, not 404 or redirect
ADuration: 65587 milliseconds, 65.587 seconds


Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
nino.lbl.gov
131.243.28.45
443
ok
Tls12
ECDH Ephermal
256
Aes256
256
Sha384
error checking OCSP stapling
ok
Chain (complete)
1CN=cuwip.physics.berkeley.edu

2CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US


Certificates

1.
1.
CN=cuwip.physics.berkeley.edu
28.01.2019
28.04.2019
expires in 7 days
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, rat-pac.berkeley.edu, ratpac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu - 8 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:034663E1BE98A7355E5842B479DDD27410D4
Thumbprint:F0B69EE3EDEEFB8B583FE814630DAC9731DDBE5A
SHA256 / Certificate:ADeY1GXkMNMy9rlgJyazMlpao2X/fwhZl/8oSYXKvTw=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):e37efe170ed11c6f9e8d5226007498865e6f406235ce07d56e37a0dfca9038c1
OCSP - Url:http://ocsp.int-x3.letsencrypt.org
OCSP - must staple:no
Certificate Transparency:yes


2.
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
17.03.2016
17.03.2021
expires in 696 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0A0141420000015385736A0B85ECA708
Thumbprint:E6A3B45B062D509B3382282D196EFE97D5956CCB
SHA256 / Certificate:JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=
SHA256 hex / Cert (DANE * 0 1):25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
SHA256 hex / PublicKey (DANE * 1 1):60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
OCSP - Url:http://isrg.trustid.ocsp.identrust.com
OCSP - must staple:no
Certificate Transparency:no


3.
CN=DST Root CA X3, O=Digital Signature Trust Co.
30.09.2000
30.09.2021
expires in 893 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:44AFB080D6A327BA893039862EF8406B
Thumbprint:DAC9024F54D8F6DF94935FB1732638CA6AD77C13
SHA256 / Certificate:BocmAzGnJAPZCfEF5pvPDTLhvSST/8bZIG0RvNZ3Bzk=
SHA256 hex / Cert (DANE * 0 1):0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
SHA256 hex / PublicKey (DANE * 1 1):563b3caf8cfef34c2335caf560a7a95906e8488462eb75ac59784830df9e5b2b
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no



Last Certificates - Certificate Transparency Log Check (BETA)

Issuerlast 7 daysactivenum Certs
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
0
2
14

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1152977734
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-01-28 19:59:19
2019-04-28 18:59:19
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


1131273741
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2019-01-21 13:35:16
2019-04-21 12:35:16
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


968068246
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-11-22 13:35:18
2019-02-20 13:35:18
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


820446647
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-09-23 11:35:16
2018-12-22 12:35:16
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


660638997
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-07-25 11:35:16
2018-10-23 11:35:16
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


487869358
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-05-26 11:35:15
2018-08-24 11:35:15
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


367737280
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-03-27 11:35:25
2018-06-25 11:35:25
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


313102065
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2018-01-25 13:35:23
2018-04-25 12:35:23
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


264675810
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2017-11-26 13:35:17
2018-02-24 13:35:17
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


218881872
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2017-09-27 11:35:00
2017-12-26 12:35:00
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


180729959
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2017-07-29 11:36:00
2017-10-27 11:36:00
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


146189365
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2017-05-30 11:35:00
2017-08-28 11:35:00
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


110541404
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2017-03-30 17:25:00
2017-06-28 17:25:00
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, rat-pac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
8 entries


110460431
CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
2017-03-30 14:42:00
2017-06-28 14:42:00
cuwip.physics.berkeley.edu, frost.physics.berkeley.edu, nino.lbl.gov, ratpac.berkeley.edu, snopluspmts.physics.berkeley.edu, theia.berkeley.edu, underground.physics.berkeley.edu
7 entries



Html-Content - Entries (BETA - mixed content and other checks)

No Html-Content entries found. Only checked if https + status 200/401/403/404


CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
nino.lbl.gov
0

no CAA entry found
1
0
lbl.gov
0

no CAA entry found
1
0
gov
0

no CAA entry found
1
0


TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
nino.lbl.gov
v=spf1 include:spfint.lbl.gov ~all
ok
1
0
_acme-challenge.nino.lbl.gov

Name Error - The domain name does not exist
1
0
_acme-challenge.nino.lbl.gov.nino.lbl.gov

Name Error - The domain name does not exist
1
0



Permalink: https://check-your-website.server-daten.de/?i=b3db41cf-f6c3-4dc8-9ae2-b549f9cfeb6f


Last Result: https://check-your-website.server-daten.de/?q=nino.lbl.gov