Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 14748, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 31.12.2021, 00:00:00 +, Signature-Inception: 10.12.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: de
|
|
de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest 80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 01.01.2022, 05:00:00 +, Signature-Inception: 19.12.2021, 04:00:00 +, KeyTag 14748, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14748 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26755, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 57564, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 30.12.2021, 17:30:07 +, Signature-Inception: 16.12.2021, 16:00:07 +, KeyTag 26755, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26755 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest "80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: alex-detsch.de
|
|
alex-detsch.de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 38396, DigestType 2 and Digest G4CQOA9qrINKT2Ba9NYVUFM76VYanEsqo+zYxN4XDHA=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner alex-detsch.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 02.01.2022, 05:29:56 +, Signature-Inception: 19.12.2021, 03:59:56 +, KeyTag 57564, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57564 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 38396, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner alex-detsch.de., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 38396 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 38396, DigestType 2 and Digest "G4CQOA9qrINKT2Ba9NYVUFM76VYanEsqo+zYxN4XDHA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: owncloud.alex-detsch.de
|
|
owncloud.alex-detsch.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| RRSIG Type 5 validates the CNAME - Result: snickers.alex-detsch.de
Validated: RRSIG-Owner owncloud.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 60 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
Zone: www.owncloud.alex-detsch.de
|
|
www.owncloud.alex-detsch.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vdjrtp3ii29t256l34rhep1mjlh71nmn" between the hashed NSEC3-owner "ua1r8n9eqr1686dphro7h00mg5119clt" and the hashed NextOwner "vps4btb36crnpbgv6seb6lbfsitshkoa". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner ua1r8n9eqr1686dphro7h00mg5119clt.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ifqngiarjuu53lpgvv0riftmf586p30f" as Owner. That's the Hash of "owncloud.alex-detsch.de" with the NextHashedOwnerName "inq4kl2pmprtmv2g5h1ane56a8o0rfr6". So that domain name is the Closest Encloser of "www.owncloud.alex-detsch.de". Opt-Out: False.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner ifqngiarjuu53lpgvv0riftmf586p30f.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| The ClosestEncloser says, that "*.owncloud.alex-detsch.de" with the Hash "ckug959vkanl1a10urfh8g68mfp97js3" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "bmvo7g16k5dhc4evs2j25susarj428mo" and the Next Owner "cnctlq9292l13j069jqdfr7a031bc54d", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner bmvo7g16k5dhc4evs2j25susarj428mo.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 14748, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 31.12.2021, 00:00:00 +, Signature-Inception: 10.12.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: de
|
|
de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest 80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 01.01.2022, 05:00:00 +, Signature-Inception: 19.12.2021, 04:00:00 +, KeyTag 14748, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14748 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26755, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 57564, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 30.12.2021, 17:30:07 +, Signature-Inception: 16.12.2021, 16:00:07 +, KeyTag 26755, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26755 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest "80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: alex-detsch.de
|
|
alex-detsch.de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 38396, DigestType 2 and Digest G4CQOA9qrINKT2Ba9NYVUFM76VYanEsqo+zYxN4XDHA=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner alex-detsch.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 02.01.2022, 05:29:56 +, Signature-Inception: 19.12.2021, 03:59:56 +, KeyTag 57564, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57564 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 38396, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner alex-detsch.de., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 38396 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 38396, DigestType 2 and Digest "G4CQOA9qrINKT2Ba9NYVUFM76VYanEsqo+zYxN4XDHA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: snickers.alex-detsch.de
|
|
snickers.alex-detsch.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "lg5a2vds7v1eld3s3ftakhm22sloj14u" between the hashed NSEC3-owner "lg5a2vds7v1eld3s3ftakhm22sloj14u" and the hashed NextOwner "lql2slrf3muq2eqb3ujb1p2a39hdod5h". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner lg5a2vds7v1eld3s3ftakhm22sloj14u.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 94.130.149.210
Validated: RRSIG-Owner snickers.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 60 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:0638:0904:FFCB:0EC4:7AFF:FEC6:AE5C
Validated: RRSIG-Owner snickers.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 60 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "lg5a2vds7v1eld3s3ftakhm22sloj14u" equal the hashed NSEC3-owner "lg5a2vds7v1eld3s3ftakhm22sloj14u" and the hashed NextOwner "lql2slrf3muq2eqb3ujb1p2a39hdod5h". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner lg5a2vds7v1eld3s3ftakhm22sloj14u.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "lg5a2vds7v1eld3s3ftakhm22sloj14u" equal the hashed NSEC3-owner "lg5a2vds7v1eld3s3ftakhm22sloj14u" and the hashed NextOwner "lql2slrf3muq2eqb3ujb1p2a39hdod5h". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner lg5a2vds7v1eld3s3ftakhm22sloj14u.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.snickers.alex-detsch.de) sends a valid NSEC3 RR as result with the hashed owner name "lg5a2vds7v1eld3s3ftakhm22sloj14u" (unhashed: snickers.alex-detsch.de). So that's the Closest Encloser of the query name.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner lg5a2vds7v1eld3s3ftakhm22sloj14u.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "scrgvf815fg8dvmdtshl1pfsf2pc2hm3" (unhashed: _tcp.snickers.alex-detsch.de) with the owner "qi2g8ie2jbcqcdh2krm49u7njietj7df" and the NextOwner "t77966dipb3g07momd8ois8t2e2vee6e". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: RRSIG, TLSA Validated: RRSIG-Owner qi2g8ie2jbcqcdh2krm49u7njietj7df.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "klgi6omb610pvtagjjkgm8guic8am99f" (unhashed: *.snickers.alex-detsch.de) with the owner "kc3eo07vqqi20qopa7f6k6tldu4jnb8n" and the NextOwner "kubvlgq7io93jl9jmtt7tmts201vdl0e". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner kc3eo07vqqi20qopa7f6k6tldu4jnb8n.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "lg5a2vds7v1eld3s3ftakhm22sloj14u" equal the hashed NSEC3-owner "lg5a2vds7v1eld3s3ftakhm22sloj14u" and the hashed NextOwner "lql2slrf3muq2eqb3ujb1p2a39hdod5h". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner lg5a2vds7v1eld3s3ftakhm22sloj14u.alex-detsch.de., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2021, 00:00:00 +, Signature-Inception: 09.12.2021, 00:00:00 +, KeyTag 38396, Signer-Name: alex-detsch.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|