Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59944, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.08.2019, 00:00:00 +, Signature-Inception: 11.07.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: nl
|
|
nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 25.07.2019, 05:00:00 +, Signature-Inception: 12.07.2019, 04:00:00 +, KeyTag 59944, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 17593, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 26.07.2019, 04:24:15 +, Signature-Inception: 12.07.2019, 05:07:03 +, KeyTag 34112, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: riskmgr.nl
|
|
riskmgr.nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner riskmgr.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 24.07.2019, 00:22:43 +, Signature-Inception: 09.07.2019, 19:38:02 +, KeyTag 17593, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17593 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 13262, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 34251, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 42224, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner riskmgr.nl., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 11.11.2019, 07:57:27 +, Signature-Inception: 12.07.2019, 07:57:27 +, KeyTag 13262, Signer-Name: riskmgr.nl
|
|
|
|
|
| RRSIG-Owner riskmgr.nl., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 11.11.2019, 07:57:27 +, Signature-Inception: 12.07.2019, 07:57:27 +, KeyTag 34251, Signer-Name: riskmgr.nl
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 13262 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 34251 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 34251, DigestType 2 and Digest "1Kgs2X2mr2TqQZaQEkmqTgDrnWLg87pQn9G0X6pCAKU=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 95.170.95.107
Validated: RRSIG-Owner riskmgr.nl., Algorithm: 7, 2 Labels, original TTL: 86400 sec, Signature-expiration: 11.11.2019, 07:57:27 +, Signature-Inception: 12.07.2019, 07:57:27 +, KeyTag 13262, Signer-Name: riskmgr.nl
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, NS, SOA, RRSIG, DNSKEY, NSEC3PARAM
|
|
|
Zone: www.riskmgr.nl
|
|
www.riskmgr.nl
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "st10nfusdbokl6e24ia5uql67kkkae5l" between the hashed NSEC3-owner "st10nfusdbokl6e24ia5uql67kkkae5l" and the hashed NextOwner "vio12n69anqmbm3drs8u7oldtqd4ukq6". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner st10nfusdbokl6e24ia5uql67kkkae5l.riskmgr.nl., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 11.11.2019, 07:57:27 +, Signature-Inception: 12.07.2019, 07:57:27 +, KeyTag 13262, Signer-Name: riskmgr.nl
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 217.148.85.43
Validated: RRSIG-Owner www.riskmgr.nl., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 11.11.2019, 07:57:27 +, Signature-Inception: 12.07.2019, 07:57:27 +, KeyTag 13262, Signer-Name: riskmgr.nl
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the AAAA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: CNAME, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the TLSA RR.
Bitmap: A, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-11-11 07:57:27 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, RRSIG
|