Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26470, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 38696, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.02.2025, 00:00:00 +, Signature-Inception: 31.01.2025, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 18.02.2025, 17:00:00 +, Signature-Inception: 05.02.2025, 16:00:00 +, KeyTag 26470, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26470 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 19718, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 23202, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 16.02.2025, 15:02:35 +, Signature-Inception: 01.02.2025, 14:57:35 +, KeyTag 19718, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 19718 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 19718, DigestType 2 and Digest "isuwzSj0ElCoCkkTiUJNNBUi2Uaw2gwCkfLT13HXgFo=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: rho-force.com
|
|
rho-force.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vb4921tt2paahjlsdj953srtaggch6ol" between the hashed NSEC3-owner "vb490lbg4p88a8dvjvce0d0nmkuvlrvh" and the hashed NextOwner "vb499h0et4os6ldjknqt6k3hjsboveaa". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner vb490lbg4p88a8dvjvce0d0nmkuvlrvh.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 10.02.2025, 02:04:07 +, Signature-Inception: 03.02.2025, 00:54:07 +, KeyTag 23202, Signer-Name: com
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "ck0pojmg874ljref7efn8430qvit8bsm" as Owner. That's the Hash of "com" with the NextHashedOwnerName "ck0q3udg8cekkae7rukpgct1dvssh8ll". So that domain name is the Closest Encloser of "rho-force.com". Opt-Out: True.
Bitmap: NS, SOA, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner ck0pojmg874ljref7efn8430qvit8bsm.com., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 12.02.2025, 00:26:42 +, Signature-Inception: 04.02.2025, 23:16:42 +, KeyTag 23202, Signer-Name: com
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner rho-force.com., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 04.04.2025, 16:42:14 +, Signature-Inception: 02.02.2025, 16:42:14 +, KeyTag 2371, Signer-Name: rho-force.com
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| Error: DNSKEY 2371 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created.
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.203.217.45
Validated: RRSIG-Owner rho-force.com., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 07.02.2025, 02:13:55 +, Signature-Inception: 05.02.2025, 00:13:55 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 mx include:_spf.porkbun.com ~all
Validated: RRSIG-Owner rho-force.com., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 07.02.2025, 02:13:55 +, Signature-Inception: 05.02.2025, 00:13:55 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "rho-force.com" equal the NSEC-owner "rho-force.com" and the NextOwner "\000.rho-force.com". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, 53, HIP, CDS, CDNSKEY, 61, 64, 65, URI, CAA Validated: RRSIG-Owner rho-force.com., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:55 +, Signature-Inception: 05.02.2025, 00:13:55 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "rho-force.com" equal the NSEC-owner "rho-force.com" and the NextOwner "\000.rho-force.com". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, 53, HIP, CDS, CDNSKEY, 61, 64, 65, URI, CAA Validated: RRSIG-Owner rho-force.com., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:55 +, Signature-Inception: 05.02.2025, 00:13:55 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.rho-force.com) sends a valid NSEC RR as result with the query name "_443._tcp.rho-force.com" equal the NSEC-owner "_443._tcp.rho-force.com" and the NextOwner "\000._443._tcp.rho-force.com". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC, 128 Validated: RRSIG-Owner _443._tcp.rho-force.com., Algorithm: 13, 4 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:55 +, Signature-Inception: 05.02.2025, 00:13:55 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "rho-force.com" equal the NSEC-owner "rho-force.com" and the NextOwner "\000.rho-force.com". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, DNSKEY, TLSA, 53, HIP, CDS, CDNSKEY, 61, 64, 65, URI Validated: RRSIG-Owner rho-force.com., Algorithm: 13, 2 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:55 +, Signature-Inception: 05.02.2025, 00:13:55 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.rho-force.com
|
|
www.rho-force.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.rho-force.com" and the NextOwner "\000.www.rho-force.com". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.203.217.45
Validated: RRSIG-Owner www.rho-force.com., Algorithm: 13, 3 Labels, original TTL: 600 sec, Signature-expiration: 07.02.2025, 02:13:57 +, Signature-Inception: 05.02.2025, 00:13:57 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "www.rho-force.com" equal the NSEC-owner "www.rho-force.com" and the NextOwner "\000.www.rho-force.com". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.rho-force.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:57 +, Signature-Inception: 05.02.2025, 00:13:57 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "www.rho-force.com" equal the NSEC-owner "www.rho-force.com" and the NextOwner "\000.www.rho-force.com". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.rho-force.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:57 +, Signature-Inception: 05.02.2025, 00:13:57 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "www.rho-force.com" equal the NSEC-owner "www.rho-force.com" and the NextOwner "\000.www.rho-force.com". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner www.rho-force.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:57 +, Signature-Inception: 05.02.2025, 00:13:57 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.rho-force.com) sends a valid NSEC RR as result with the query name "_443._tcp.www.rho-force.com" equal the NSEC-owner "_443._tcp.www.rho-force.com" and the NextOwner "\000._443._tcp.www.rho-force.com". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC, 128 Validated: RRSIG-Owner _443._tcp.www.rho-force.com., Algorithm: 13, 5 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:57 +, Signature-Inception: 05.02.2025, 00:13:57 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "www.rho-force.com" equal the NSEC-owner "www.rho-force.com" and the NextOwner "\000.www.rho-force.com". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner www.rho-force.com., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 07.02.2025, 02:13:57 +, Signature-Inception: 05.02.2025, 00:13:57 +, KeyTag 34505, Signer-Name: rho-force.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|