Zone (*) | DNSSEC - Information |
---|
Zone: (root)
(root)
| 1 DS RR published
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
| • Status: Valid because published
| 2 DNSKEY RR found
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
| Public Key with Algorithm 8, KeyTag 42351, Flags 256
| 1 RRSIG RR to validate DNSKEY RR found
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.02.2021, 00:00:00 +, Signature-Inception: 21.01.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
| • Status: Good - Algorithm 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key is Secure Entry Point (SEP) of the zone
Zone: si
si
| 1 DS RR in the parent zone found
| DS with Algorithm 8, KeyTag 39337, DigestType 2 and Digest qfShvMo3FL4rK9AQvlTDfpuPslxzQYoc64KDoinme2o=
| 1 RRSIG RR to validate DS RR found
| RRSIG-Owner si., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 07.02.2021, 05:00:00 +, Signature-Inception: 25.01.2021, 04:00:00 +, KeyTag 42351, Signer-Name: (root)
| • Status: Good - Algorithm 8 and DNSKEY with KeyTag 42351 used to validate the DS RRSet in the parent zone
| 2 DNSKEY RR found
| Public Key with Algorithm 8, KeyTag 39337, Flags 257 (SEP = Secure Entry Point)
| Public Key with Algorithm 8, KeyTag 52704, Flags 256
| 1 RRSIG RR to validate DNSKEY RR found
| RRSIG-Owner si., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 07.02.2021, 09:10:58 +, Signature-Inception: 24.01.2021, 20:09:19 +, KeyTag 39337, Signer-Name: si
| • Status: Good - Algorithm 8 and DNSKEY with KeyTag 39337 used to validate the DNSKEY RRSet
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 39337, DigestType 2 and Digest "qfShvMo3FL4rK9AQvlTDfpuPslxzQYoc64KDoinme2o=" validates local Key with the same values, Key is Secure Entry Point (SEP) of the zone
Zone: osi.si
osi.si
| 1 DS RR in the parent zone found
| DS with Algorithm 8, KeyTag 3856, DigestType 2 and Digest KiKyLD8TLHMPYRsYrFt2sIx2gP1QRCedzOb90cq5Ru0=
| 1 RRSIG RR to validate DS RR found
| RRSIG-Owner osi.si., Algorithm: 8, 2 Labels, original TTL: 7200 sec, Signature-expiration: 31.01.2021, 22:56:37 +, Signature-Inception: 18.01.2021, 13:08:53 +, KeyTag 52704, Signer-Name: si
| • Status: Good - Algorithm 8 and DNSKEY with KeyTag 52704 used to validate the DS RRSet in the parent zone
| 2 DNSKEY RR found
| Public Key with Algorithm 8, KeyTag 3856, Flags 257 (SEP = Secure Entry Point)
| Public Key with Algorithm 8, KeyTag 52131, Flags 256
| 1 RRSIG RR to validate DNSKEY RR found
| RRSIG-Owner osi.si., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 3856, Signer-Name: osi.si
| • Status: Good - Algorithm 8 and DNSKEY with KeyTag 3856 used to validate the DNSKEY RRSet
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 3856, DigestType 2 and Digest "KiKyLD8TLHMPYRsYrFt2sIx2gP1QRCedzOb90cq5Ru0=" validates local Key with the same values, Key is Secure Entry Point (SEP) of the zone
| RRSIG Type 1 validates the A - Result: 138.68.95.46
Validated: RRSIG-Owner osi.si., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| RRSIG Type 16 validates the TXT - Result: v=spf1 include:_spf.google.com ip4:185.49.3.184 ip4:185.49.3.185 ip4:91.198.0.110 ip4:185.49.3.246 ip4:84.255.238.114 ip4:138.197.190.165 ip4:46.101.110.81 ip4:138.68.95.46 ip4:46.101.189.219 ip6:2a03:b0c0:3:d0::eb:2001 ip6:2a03:b0c0:3:d0::f4:d001 -all
Validated: RRSIG-Owner osi.si., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| RRSIG Type 28 validates the AAAA - Result: 2A03:B0C0:0003:00D0:0000:0000:00F4:D001
Validated: RRSIG-Owner osi.si., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "s6jpt2d5b0pcedck6gf215vmed1mjsso" equal to the hashed NSEC3-owner "s6jpt2d5b0pcedck6gf215vmed1mjsso" and the hashed NextOwner "shiadcli3t3g2r0lrfi4tbobee530kgv". So the zone confirms the non-existence of that CNAME RR, but the existence of that query name (at least one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner s6jpt2d5b0pcedck6gf215vmed1mjsso.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NoData-Proof required and found.
| TLSA-Query (_443._tcp.osi.si) sends a valid NSEC3 RR as result with the hashed owner name "s6jpt2d5b0pcedck6gf215vmed1mjsso" (unhashed: osi.si). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner s6jpt2d5b0pcedck6gf215vmed1mjsso.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NXDomain-Proof required and found.
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "btfba84ssrj73jrkeejatlj1okgfj64j" (unhashed: _tcp.osi.si) with the owner "bk27vknm4110bcs3jgmofq712ispqk9v" and the NextOwner "c0nl2gsv9r5rt5mb1je1i7t1jhrs0i1m". So that NSEC3 confirms the non-existence of the Next Closer Name.
Bitmap: A, RRSIG Validated: RRSIG-Owner bk27vknm4110bcs3jgmofq712ispqk9v.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NXDomain-Proof required and found.
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "478e2b8fg00sntoc0dvstobk06uagemr" (unhashed: *.osi.si) with the owner "45bd0d8dvsukq2gan5i7odi55ejg7qg2" and the NextOwner "4aglq1ljttbb1qksar7cfpfun2k2vq28". So that NSEC3 confirms the non-existence of the Wildcard expansion.
Bitmap: A, RRSIG Validated: RRSIG-Owner 45bd0d8dvsukq2gan5i7odi55ejg7qg2.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NXDomain-Proof required and found.
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "s6jpt2d5b0pcedck6gf215vmed1mjsso" equal to the hashed NSEC3-owner "s6jpt2d5b0pcedck6gf215vmed1mjsso" and the hashed NextOwner "shiadcli3t3g2r0lrfi4tbobee530kgv". So the zone confirms the non-existence of that CAA RR, but the existence of that query name (at least one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM, CDS Validated: RRSIG-Owner s6jpt2d5b0pcedck6gf215vmed1mjsso.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NoData-Proof required and found.
Zone: www.osi.si
www.osi.si
| 0 DS RR in the parent zone found
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" between the hashed NSEC3-owner "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" and the hashed NextOwner "t2st1b3di35bh6nfch4mqgjbvpf0mki4". So the parent zone confirms the non-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner t0nf5l4vvq0gpvevbi2hj9l3905cgi24.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| RRSIG Type 1 validates the A - Result: 138.68.95.46
Validated: RRSIG-Owner www.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| RRSIG Type 28 validates the AAAA - Result: 2A03:B0C0:0003:00D0:0000:0000:00F4:D001
Validated: RRSIG-Owner www.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| RRSIG Type 52 validates the TLSA - Result (_443._tcp.www.osi.si): _443._tcp.www.osi.si: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: bcda0ae68c5a91c833205389ffb0fce28a8d0449147f391cba0f6af9198e2d65
Validated: RRSIG-Owner _443._tcp.www.osi.si., Algorithm: 8, 5 Labels, original TTL: 1800 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" equal to the hashed NSEC3-owner "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" and the hashed NextOwner "t2st1b3di35bh6nfch4mqgjbvpf0mki4". So the zone confirms the non-existence of that CNAME RR, but the existence of that query name (at least one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner t0nf5l4vvq0gpvevbi2hj9l3905cgi24.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NoData-Proof required and found.
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" equal to the hashed NSEC3-owner "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" and the hashed NextOwner "t2st1b3di35bh6nfch4mqgjbvpf0mki4". So the zone confirms the non-existence of that TXT RR, but the existence of that query name (at least one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner t0nf5l4vvq0gpvevbi2hj9l3905cgi24.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NoData-Proof required and found.
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" equal to the hashed NSEC3-owner "t0nf5l4vvq0gpvevbi2hj9l3905cgi24" and the hashed NextOwner "t2st1b3di35bh6nfch4mqgjbvpf0mki4". So the zone confirms the non-existence of that CAA RR, but the existence of that query name (at least one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner t0nf5l4vvq0gpvevbi2hj9l3905cgi24.osi.si., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.02.2021, 20:49:22 +, Signature-Inception: 23.01.2021, 20:49:22 +, KeyTag 52131, Signer-Name: osi.si
| Status: Good. NoData-Proof required and found.