Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59944, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.09.2019, 00:00:00 +, Signature-Inception: 20.08.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 05.09.2019, 05:00:00 +, Signature-Inception: 23.08.2019, 04:00:00 +, KeyTag 59944, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 17708, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.09.2019, 18:25:33 +, Signature-Inception: 20.08.2019, 18:20:33 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: nophic.com
|
|
nophic.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "ss6fg8r5b18s1fb64pe241ffp6b4habi" between the hashed NSEC3-owner "ss6ffsa4u5bidbn6mfpf1nl4ko9ksjrj" and the hashed NextOwner "ss6fns1evgbln5jddn65hth1vbs28ld3". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner ss6ffsa4u5bidbn6mfpf1nl4ko9ksjrj.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 29.08.2019, 04:27:36 +, Signature-Inception: 22.08.2019, 03:17:36 +, KeyTag 17708, Signer-Name: com
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 12183, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 65522, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner nophic.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 22.09.2019, 17:45:06 +, Signature-Inception: 23.08.2019, 16:45:06 +, KeyTag 12183, Signer-Name: nophic.com
|
|
|
|
|
| RRSIG-Owner nophic.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 22.09.2019, 17:45:06 +, Signature-Inception: 23.08.2019, 16:45:06 +, KeyTag 65522, Signer-Name: nophic.com
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 12183 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 65522 used to validate the DNSKEY RRSet
|
|
|
|
|
| Error: DNSKEY 12183 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
|
|
| Error: DNSKEY 65522 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.228.136.144
Validated: RRSIG-Owner nophic.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 22.09.2019, 17:24:01 +, Signature-Inception: 23.08.2019, 16:45:06 +, KeyTag 65522, Signer-Name: nophic.com
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 ip4:217.10.14.233 ip4:217.10.14.44 ip4:185.228.136.144 ip4:188.68.45.194 ip4:5.189.136.46 ip4:173.249.21.64 ip6:2a02:c207:3002:7375::1 ~all
Validated: RRSIG-Owner nophic.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 22.09.2019, 17:24:01 +, Signature-Inception: 23.08.2019, 16:45:06 +, KeyTag 65522, Signer-Name: nophic.com
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:hostmaster@aw.net
5|issueletsencrypt.org
9|issuewildletsencrypt.org
Validated: RRSIG-Owner nophic.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 22.09.2019, 17:24:01 +, Signature-Inception: 23.08.2019, 16:45:06 +, KeyTag 65522, Signer-Name: nophic.com
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:28:04 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, NS, SOA, MX, TXT, RP, RRSIG, DNSKEY, NSEC3PARAM, CAA
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:28:04 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, NS, SOA, MX, TXT, RP, RRSIG, DNSKEY, NSEC3PARAM, CAA
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:28:04 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, NS, SOA, MX, TXT, RP, RRSIG, DNSKEY, NSEC3PARAM, CAA
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:55:42 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RP, RRSIG
|
|
|
Zone: www.nophic.com
|
|
www.nophic.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "37fltko03seamecrchp0sfmo4qi1d021" between the hashed NSEC3-owner "37fltko03seamecrchp0sfmo4qi1d021" and the hashed NextOwner "f7jg8nq2gb9l0dcb1prtkklnt5am75qj". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RP, RRSIG Validated: RRSIG-Owner 37fltko03seamecrchp0sfmo4qi1d021.nophic.com., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2019, 17:55:42 +, Signature-Inception: 23.08.2019, 16:55:42 +, KeyTag 65522, Signer-Name: nophic.com
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.228.136.144
Validated: RRSIG-Owner www.nophic.com., Algorithm: 7, 3 Labels, original TTL: 259200 sec, Signature-expiration: 22.09.2019, 17:24:01 +, Signature-Inception: 23.08.2019, 16:45:06 +, KeyTag 65522, Signer-Name: nophic.com
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:55:42 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, RP, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:55:42 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, RP, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:55:42 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, RP, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:55:42 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RP, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-09-22 17:55:42 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, RP, RRSIG
|