Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22545, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.12.2019, 00:00:00 +, Signature-Inception: 20.11.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 03.12.2019, 05:00:00 +, Signature-Inception: 20.11.2019, 04:00:00 +, KeyTag 22545, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 22545 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 12163, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 17708, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 02.12.2019, 19:24:21 +, Signature-Inception: 17.11.2019, 19:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 02.12.2019, 19:24:21 +, Signature-Inception: 17.11.2019, 19:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: realmofaesir.com
|
|
realmofaesir.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "krplk749r1ae5un1ajuqjp6i78d6vsr7" between the hashed NSEC3-owner "krplcgpijaf1qge5pvp90nu06h6vhf33" and the hashed NextOwner "krplmhh1l7p5kqme9mj4m96jhlclocuk". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner krplcgpijaf1qge5pvp90nu06h6vhf33.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 25.11.2019, 06:52:48 +, Signature-Inception: 18.11.2019, 05:42:48 +, KeyTag 12163, Signer-Name: com
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 27005, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 56836, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner realmofaesir.com., Algorithm: 8, 2 Labels, original TTL: 3601 sec, Signature-expiration: 28.11.2019, 00:00:00 +, Signature-Inception: 07.11.2019, 00:00:00 +, KeyTag 27005, Signer-Name: realmofaesir.com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 27005 used to validate the DNSKEY RRSet
|
|
|
|
|
| Error: DNSKEY 27005 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 ip4:62.210.141.213 ip6:fe80::d6ae:52ff:fed0:1dee ~all
Validated: RRSIG-Owner realmofaesir.com., Algorithm: 8, 2 Labels, original TTL: 60 sec, Signature-expiration: 28.11.2019, 00:00:00 +, Signature-Inception: 07.11.2019, 00:00:00 +, KeyTag 56836, Signer-Name: realmofaesir.com
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 62.210.141.213
Validated: RRSIG-Owner realmofaesir.com., Algorithm: 8, 2 Labels, original TTL: 60 sec, Signature-expiration: 28.11.2019, 00:00:00 +, Signature-Inception: 07.11.2019, 00:00:00 +, KeyTag 56836, Signer-Name: realmofaesir.com
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the CNAME RR. Owner realmofaesir.com, NextOwner: lotr.realmofaesir.com.
Bitmap: A, NS, SOA, TXT, RRSIG, NSEC, DNSKEY
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the AAAA RR. Owner realmofaesir.com, NextOwner: lotr.realmofaesir.com.
Bitmap: A, NS, SOA, TXT, RRSIG, NSEC, DNSKEY
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the TLSA RR. Owner realmofaesir.com, NextOwner: lotr.realmofaesir.com.
Bitmap: A, NS, SOA, TXT, RRSIG, NSEC, DNSKEY
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the CAA RR. Owner realmofaesir.com, NextOwner: lotr.realmofaesir.com.
Bitmap: A, NS, SOA, TXT, RRSIG, NSEC, DNSKEY
|
|
|
Zone: www.realmofaesir.com
|
|
www.realmofaesir.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.realmofaesir.com" and the NextOwner "realmofaesir.com". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 62.210.141.213
Validated: RRSIG-Owner www.realmofaesir.com., Algorithm: 8, 3 Labels, original TTL: 60 sec, Signature-expiration: 28.11.2019, 00:00:00 +, Signature-Inception: 07.11.2019, 00:00:00 +, KeyTag 56836, Signer-Name: realmofaesir.com
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the CNAME RR. Owner www.realmofaesir.com, NextOwner: realmofaesir.com.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the TXT RR. Owner www.realmofaesir.com, NextOwner: realmofaesir.com.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the AAAA RR. Owner www.realmofaesir.com, NextOwner: realmofaesir.com.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the TLSA RR. Owner www.realmofaesir.com, NextOwner: realmofaesir.com.
Bitmap: A, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-11-28 00:00:00 + validates the NSEC RR that proves the not-existence of the CAA RR. Owner www.realmofaesir.com, NextOwner: realmofaesir.com.
Bitmap: A, RRSIG, NSEC
|