Zone (*) | DNSSEC - Informations |
---|
|
Zone: (root)
|
(root)
| 1 DS RR published
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0= |
|
|
| • Status: Valid because published
|
|
|
| 2 DNSKEY RR found
|
|
|
| Public Key with Algorithm 8, KeyTag 20038, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point) |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 20.09.2024, 00:00:00 +, Signature-Inception: 30.08.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root) |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: org
|
org
| 1 DS RR in the parent zone found
|
|
|
| DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI= |
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
| RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 17.09.2024, 17:00:00 +, Signature-Inception: 04.09.2024, 16:00:00 +, KeyTag 20038, Signer-Name: (root) |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20038 used to validate the DS RRSet in the parent zone
|
|
|
| 3 DNSKEY RR found
|
|
|
| Public Key with Algorithm 8, KeyTag 23064, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 26974, Flags 257 (SEP = Secure Entry Point) |
|
|
| Public Key with Algorithm 8, KeyTag 54228, Flags 256 |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2024, 15:21:48 +, Signature-Inception: 01.09.2024, 14:21:48 +, KeyTag 26974, Signer-Name: org |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26974 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest "T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: sailtrace.org
|
sailtrace.org
| 1 DS RR in the parent zone found
|
|
|
| DS with Algorithm 8, KeyTag 6200, DigestType 2 and Digest dSO7VMR3qmDEoOz68BYGdhnUmVxuI3Uuiz3o81CVLeQ= |
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
| RRSIG-Owner sailtrace.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2024, 15:21:48 +, Signature-Inception: 01.09.2024, 14:21:48 +, KeyTag 23064, Signer-Name: org |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 23064 used to validate the DS RRSet in the parent zone
|
|
|
| 2 DNSKEY RR found
|
|
|
| Public Key with Algorithm 8, KeyTag 6200, Flags 257 (SEP = Secure Entry Point) |
|
|
| Public Key with Algorithm 8, KeyTag 39424, Flags 256 |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner sailtrace.org., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 6200, Signer-Name: sailtrace.org |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 6200 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 6200, DigestType 2 and Digest "dSO7VMR3qmDEoOz68BYGdhnUmVxuI3Uuiz3o81CVLeQ=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
| RRSIG Type 1 validates the A - Result: 81.217.155.221
Validated: RRSIG-Owner sailtrace.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 include:_spf-eu.ionos.com ~all
Validated: RRSIG-Owner sailtrace.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" equal the hashed NSEC3-owner "rmuejre1d06qokgn7r2b0mmi6vo5c25f" and the hashed NextOwner "rri0fqa2dlt2bntd2bhvqnr949ii2jir". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" equal the hashed NSEC3-owner "rmuejre1d06qokgn7r2b0mmi6vo5c25f" and the hashed NextOwner "rri0fqa2dlt2bntd2bhvqnr949ii2jir". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query (_443._tcp.sailtrace.org) sends a valid NSEC3 RR as result with the hashed owner name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" (unhashed: sailtrace.org). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "0bbada8nqq7cmvnoe0sibsi59l2rspso" (unhashed: _tcp.sailtrace.org) with the owner "tcbsfi3q66ktne9rskk3esbop7s4g5rb" and the NextOwner "1hqr2m13i4h7do69cr1rietp4r4klo19". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner tcbsfi3q66ktne9rskk3esbop7s4g5rb.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result with the hashed owner name "1hqr2m13i4h7do69cr1rietp4r4klo19" (unhashed: *.sailtrace.org) as the Wildcard-Expansion of the Closest Encloser of the query name "5qvki28elkghf34j7c2947oj4eacogkk". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner 1hqr2m13i4h7do69cr1rietp4r4klo19.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" equal the hashed NSEC3-owner "rmuejre1d06qokgn7r2b0mmi6vo5c25f" and the hashed NextOwner "rri0fqa2dlt2bntd2bhvqnr949ii2jir". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
Zone: www.sailtrace.org
|
www.sailtrace.org
| 0 DS RR in the parent zone found
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j" between the hashed NSEC3-owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the hashed NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 6vs3rhd0vmpgrvk81q5ub1dccbru13pu.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "rmuejre1d06qokgn7r2b0mmi6vo5c25f" as Owner. That's the Hash of "sailtrace.org" with the NextHashedOwnerName "rri0fqa2dlt2bntd2bhvqnr949ii2jir". So that domain name is the Closest Encloser of "www.sailtrace.org". Opt-Out: False.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| The ClosestEncloser says, that "*.sailtrace.org" with the Hash "1hqr2m13i4h7do69cr1rietp4r4klo19" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "1hqr2m13i4h7do69cr1rietp4r4klo19" and the Next Owner "2u3grs9vc5um3jcumvqrini12hbi257f", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: A, RRSIG Validated: RRSIG-Owner 1hqr2m13i4h7do69cr1rietp4r4klo19.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| RRSIG Type 1 validates the A - Result: 81.217.155.221. RRSIG Owner has 3 labels, RRSIG Labels = 2, so it's a wildcard expansion, the Query Name doesn't exists. An additional NSEC/NSEC3 is required to confirm the Not-Existence of the query name.
Validated: RRSIG-Owner www.sailtrace.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed owner name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" (unhashed: sailtrace.org). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed owner name "1hqr2m13i4h7do69cr1rietp4r4klo19" (unhashed: *.sailtrace.org) as the Wildcard-Expansion of the Closest Encloser of the query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner 1hqr2m13i4h7do69cr1rietp4r4klo19.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed owner name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" (unhashed: sailtrace.org). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed owner name "1hqr2m13i4h7do69cr1rietp4r4klo19" (unhashed: *.sailtrace.org) as the Wildcard-Expansion of the Closest Encloser of the query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner 1hqr2m13i4h7do69cr1rietp4r4klo19.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed owner name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" (unhashed: sailtrace.org). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed owner name "1hqr2m13i4h7do69cr1rietp4r4klo19" (unhashed: *.sailtrace.org) as the Wildcard-Expansion of the Closest Encloser of the query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner 1hqr2m13i4h7do69cr1rietp4r4klo19.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query (_443._tcp.www.sailtrace.org) sends a valid NSEC3 RR as result with the hashed owner name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" (unhashed: sailtrace.org). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j" (unhashed: www.sailtrace.org) with the owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query (_443._tcp.www.sailtrace.org) sends a valid NSEC3 RR as result with the hashed query name "e24ki8k6u6e7rveo4one8k8gdcgo2e4n" between the hashed NSEC3-owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the hashed NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 6vs3rhd0vmpgrvk81q5ub1dccbru13pu.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result with the hashed owner name "1hqr2m13i4h7do69cr1rietp4r4klo19" (unhashed: *.sailtrace.org) as the Wildcard-Expansion of the Closest Encloser of the query name "e24ki8k6u6e7rveo4one8k8gdcgo2e4n". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner 1hqr2m13i4h7do69cr1rietp4r4klo19.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed owner name "rmuejre1d06qokgn7r2b0mmi6vo5c25f" (unhashed: sailtrace.org). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner rmuejre1d06qokgn7r2b0mmi6vo5c25f.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed owner name "1hqr2m13i4h7do69cr1rietp4r4klo19" (unhashed: *.sailtrace.org) as the Wildcard-Expansion of the Closest Encloser of the query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner 1hqr2m13i4h7do69cr1rietp4r4klo19.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| A-Query sends a valid NSEC3 RR as result with the hashed query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j" between the hashed NSEC3-owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the hashed NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So the zone confirmes the not-existence of that A RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 6vs3rhd0vmpgrvk81q5ub1dccbru13pu.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC3 covers the Query Name, but there are not enough informations about wildcards: Validated Data sent, but the NSEC3Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC3-Records, so DNSSEC works.
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j" between the hashed NSEC3-owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the hashed NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So the zone confirmes the not-existence of that CNAME RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 6vs3rhd0vmpgrvk81q5ub1dccbru13pu.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC3 covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC3-Records, so DNSSEC works.
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j" between the hashed NSEC3-owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the hashed NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So the zone confirmes the not-existence of that TXT RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 6vs3rhd0vmpgrvk81q5ub1dccbru13pu.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC3 covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC3-Records, so DNSSEC works.
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j" between the hashed NSEC3-owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the hashed NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So the zone confirmes the not-existence of that AAAA RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 6vs3rhd0vmpgrvk81q5ub1dccbru13pu.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC3 covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC3-Records, so DNSSEC works.
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "ftcdv0af5cqhf1h37nl4sfp55u5qnp9j" between the hashed NSEC3-owner "6vs3rhd0vmpgrvk81q5ub1dccbru13pu" and the hashed NextOwner "jl9ai8jr68ikub4k5qcke16kptvjvsvt". So the zone confirmes the not-existence of that CAA RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 6vs3rhd0vmpgrvk81q5ub1dccbru13pu.sailtrace.org., Algorithm: 8, 3 Labels, original TTL: 600 sec, Signature-expiration: 29.11.2024, 12:02:13 +, Signature-Inception: 31.08.2024, 12:02:13 +, KeyTag 39424, Signer-Name: sailtrace.org |
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC3 covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC3-Records, so DNSSEC works.
|