Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 5613, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.07.2024, 00:00:00 +, Signature-Inception: 10.06.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ch
|
|
ch
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 450, DigestType 2 and Digest SZSRPZ/08N+V8IrN8dZhSdhzNo/2wYNsZL36zmJzT6I=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.06.2024, 05:00:00 +, Signature-Inception: 10.06.2024, 04:00:00 +, KeyTag 5613, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5613 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 450, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 1126, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 8233, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 08.07.2024, 10:09:09 +, Signature-Inception: 23.05.2024, 09:09:09 +, KeyTag 450, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 450 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 450, DigestType 2 and Digest "SZSRPZ/08N+V8IrN8dZhSdhzNo/2wYNsZL36zmJzT6I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: demoniak.ch
|
|
demoniak.ch
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest TGsiBCn2bn4dkKjanSeBM6+cPcpZEdKrsfTogr7qzek=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner demoniak.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 06.07.2024, 03:55:51 +, Signature-Inception: 06.06.2024, 03:02:06 +, KeyTag 8233, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 8233 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner demoniak.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 31.07.2024, 19:04:05 +, Signature-Inception: 31.05.2024, 19:04:05 +, KeyTag 2371, Signer-Name: demoniak.ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "TGsiBCn2bn4dkKjanSeBM6+cPcpZEdKrsfTogr7qzek=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: search.demoniak.ch
|
|
search.demoniak.ch
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "search.demoniak.ch" and the NextOwner "\000.search.demoniak.ch". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.172.100.15
Validated: RRSIG-Owner docker-dc.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 11.06.2024, 17:01:50 +, Signature-Inception: 09.06.2024, 15:01:50 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| RRSIG Type 5 validates the CNAME - Result: docker-dc.demoniak.ch
Validated: RRSIG-Owner search.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 11.06.2024, 17:01:50 +, Signature-Inception: 09.06.2024, 15:01:50 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:1600:0120:0300:0000:0000:0012:0001
Validated: RRSIG-Owner docker-dc.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 11.06.2024, 17:01:50 +, Signature-Inception: 09.06.2024, 15:01:50 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "search.demoniak.ch" equal the NSEC-owner "search.demoniak.ch" and the NextOwner "\000.search.demoniak.ch". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner search.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 11.06.2024, 17:01:50 +, Signature-Inception: 09.06.2024, 15:01:50 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.search.demoniak.ch) sends a valid NSEC RR as result with the query name "_443._tcp.search.demoniak.ch" equal the NSEC-owner "_443._tcp.search.demoniak.ch" and the NextOwner "\000._443._tcp.search.demoniak.ch". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC Validated: RRSIG-Owner _443._tcp.search.demoniak.ch., Algorithm: 13, 5 Labels, original TTL: 1800 sec, Signature-expiration: 11.06.2024, 17:01:50 +, Signature-Inception: 09.06.2024, 15:01:50 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "search.demoniak.ch" equal the NSEC-owner "search.demoniak.ch" and the NextOwner "\000.search.demoniak.ch". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner search.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 11.06.2024, 17:01:50 +, Signature-Inception: 09.06.2024, 15:01:50 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.search.demoniak.ch
|
|
www.search.demoniak.ch
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.search.demoniak.ch" and the NextOwner "\000.www.search.demoniak.ch". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: RRSIG, NSEC
|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 5613, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.07.2024, 00:00:00 +, Signature-Inception: 10.06.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ch
|
|
ch
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 450, DigestType 2 and Digest SZSRPZ/08N+V8IrN8dZhSdhzNo/2wYNsZL36zmJzT6I=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 23.06.2024, 05:00:00 +, Signature-Inception: 10.06.2024, 04:00:00 +, KeyTag 5613, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5613 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 450, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 1126, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 8233, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner ch., Algorithm: 13, 1 Labels, original TTL: 86400 sec, Signature-expiration: 08.07.2024, 10:09:09 +, Signature-Inception: 23.05.2024, 09:09:09 +, KeyTag 450, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 450 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 450, DigestType 2 and Digest "SZSRPZ/08N+V8IrN8dZhSdhzNo/2wYNsZL36zmJzT6I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: demoniak.ch
|
|
demoniak.ch
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest TGsiBCn2bn4dkKjanSeBM6+cPcpZEdKrsfTogr7qzek=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner demoniak.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 06.07.2024, 03:55:51 +, Signature-Inception: 06.06.2024, 03:02:06 +, KeyTag 8233, Signer-Name: ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 8233 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner demoniak.ch., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 31.07.2024, 19:04:05 +, Signature-Inception: 31.05.2024, 19:04:05 +, KeyTag 2371, Signer-Name: demoniak.ch
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "TGsiBCn2bn4dkKjanSeBM6+cPcpZEdKrsfTogr7qzek=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: docker-dc.demoniak.ch
|
|
docker-dc.demoniak.ch
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "docker-dc.demoniak.ch" and the NextOwner "\000.docker-dc.demoniak.ch". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.172.100.15
Validated: RRSIG-Owner docker-dc.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 11.06.2024, 17:02:06 +, Signature-Inception: 09.06.2024, 15:02:06 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:1600:0120:0300:0000:0000:0012:0001
Validated: RRSIG-Owner docker-dc.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 11.06.2024, 17:02:06 +, Signature-Inception: 09.06.2024, 15:02:06 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "docker-dc.demoniak.ch" equal the NSEC-owner "docker-dc.demoniak.ch" and the NextOwner "\000.docker-dc.demoniak.ch". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner docker-dc.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 11.06.2024, 17:02:06 +, Signature-Inception: 09.06.2024, 15:02:06 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "docker-dc.demoniak.ch" equal the NSEC-owner "docker-dc.demoniak.ch" and the NextOwner "\000.docker-dc.demoniak.ch". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner docker-dc.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 11.06.2024, 17:02:06 +, Signature-Inception: 09.06.2024, 15:02:06 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.docker-dc.demoniak.ch) sends a valid NSEC RR as result with the query name "_443._tcp.docker-dc.demoniak.ch" equal the NSEC-owner "_443._tcp.docker-dc.demoniak.ch" and the NextOwner "\000._443._tcp.docker-dc.demoniak.ch". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC Validated: RRSIG-Owner _443._tcp.docker-dc.demoniak.ch., Algorithm: 13, 5 Labels, original TTL: 1800 sec, Signature-expiration: 11.06.2024, 17:02:06 +, Signature-Inception: 09.06.2024, 15:02:06 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "docker-dc.demoniak.ch" equal the NSEC-owner "docker-dc.demoniak.ch" and the NextOwner "\000.docker-dc.demoniak.ch". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner docker-dc.demoniak.ch., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 11.06.2024, 17:02:06 +, Signature-Inception: 09.06.2024, 15:02:06 +, KeyTag 34505, Signer-Name: demoniak.ch
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|