Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26838, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.08.2021, 00:00:00 +, Signature-Inception: 21.07.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: de
|
|
de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest 80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 06.08.2021, 05:00:00 +, Signature-Inception: 24.07.2021, 04:00:00 +, KeyTag 26838, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26838 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26755, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 56844, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 300 sec, Signature-expiration: 02.08.2021, 17:00:37 +, Signature-Inception: 19.07.2021, 15:30:37 +, KeyTag 26755, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26755 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest "80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: shansen-online.de
|
|
shansen-online.de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 7, KeyTag 870, DigestType 2 and Digest pIlC5KKpGT+v7OSuFvvpfUS/tVFXX2LFcSYqcw3vQ1o=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner shansen-online.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 05.08.2021, 05:00:31 +, Signature-Inception: 22.07.2021, 03:30:31 +, KeyTag 56844, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 56844 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 870, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 26345, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 38927, Flags 256
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner shansen-online.de., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 870, Signer-Name: shansen-online.de
|
|
|
|
|
| RRSIG-Owner shansen-online.de., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 870 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 26345 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 870, DigestType 2 and Digest "pIlC5KKpGT+v7OSuFvvpfUS/tVFXX2LFcSYqcw3vQ1o=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 178.13.25.16
Validated: RRSIG-Owner shansen-online.de., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 a mx ~all
1|www.shansen-online.de
Validated: RRSIG-Owner shansen-online.de., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 9|issuewildidentrust.com
Validated: RRSIG-Owner shansen-online.de., Algorithm: 7, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "lcsae7tmde2ce2sf8sfgua48ra0do79l" equal the hashed NSEC3-owner "lcsae7tmde2ce2sf8sfgua48ra0do79l" and the hashed NextOwner "lhrimimqm9db5fi0g0toaoghdtde4frf". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner lcsae7tmde2ce2sf8sfgua48ra0do79l.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "lcsae7tmde2ce2sf8sfgua48ra0do79l" equal the hashed NSEC3-owner "lcsae7tmde2ce2sf8sfgua48ra0do79l" and the hashed NextOwner "lhrimimqm9db5fi0g0toaoghdtde4frf". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CAA Validated: RRSIG-Owner lcsae7tmde2ce2sf8sfgua48ra0do79l.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.shansen-online.de) sends a valid NSEC3 RR as result with the hashed owner name "6lkfthddi8apg65o6ui1q1epat7kcrm7" (unhashed: _tcp.shansen-online.de). So that's the Closest Encloser of the query name.
Bitmap: No Bitmap? Validated: RRSIG-Owner 6lkfthddi8apg65o6ui1q1epat7kcrm7.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.shansen-online.de) sends a valid NSEC3 RR as result with the hashed query name "r7sn8fqffi9tkir8noi100nq9o46ojch" between the hashed NSEC3-owner "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" and the hashed NextOwner "rtgnitc8ksl4ihviur937rcags6rqlfo". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner mrq58375c2mcj7afb8u4rcc3o3hl4hb8.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "5o75eh1gtjisgrgfi76oclaedn645u9i" (unhashed: *._tcp.shansen-online.de) with the owner "5545jblg6jtk1cls0kh73309mtoa3i7s" and the NextOwner "6lkfthddi8apg65o6ui1q1epat7kcrm7". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner 5545jblg6jtk1cls0kh73309mtoa3i7s.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
Zone: www.shansen-online.de
|
|
www.shansen-online.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" between the hashed NSEC3-owner "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" and the hashed NextOwner "rtgnitc8ksl4ihviur937rcags6rqlfo". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner mrq58375c2mcj7afb8u4rcc3o3hl4hb8.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 178.13.25.16
Validated: RRSIG-Owner www.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: l|de
3|welcome
Validated: RRSIG-Owner www.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 9|issuewildidentrust.com
Validated: RRSIG-Owner www.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 3600 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" equal the hashed NSEC3-owner "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" and the hashed NextOwner "rtgnitc8ksl4ihviur937rcags6rqlfo". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner mrq58375c2mcj7afb8u4rcc3o3hl4hb8.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" equal the hashed NSEC3-owner "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" and the hashed NextOwner "rtgnitc8ksl4ihviur937rcags6rqlfo". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner mrq58375c2mcj7afb8u4rcc3o3hl4hb8.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.shansen-online.de) sends a valid NSEC3 RR as result with the hashed owner name "mrq58375c2mcj7afb8u4rcc3o3hl4hb8" (unhashed: www.shansen-online.de). So that's the Closest Encloser of the query name.
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner mrq58375c2mcj7afb8u4rcc3o3hl4hb8.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "6er0um7fo4n8r1i4e10rnqmbk5i7iog2" (unhashed: _tcp.www.shansen-online.de) with the owner "5545jblg6jtk1cls0kh73309mtoa3i7s" and the NextOwner "6lkfthddi8apg65o6ui1q1epat7kcrm7". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner 5545jblg6jtk1cls0kh73309mtoa3i7s.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "1jien4mh5njvvprcdk3cmm4d2jc7qric" (unhashed: *.www.shansen-online.de) with the owner "rtgnitc8ksl4ihviur937rcags6rqlfo" and the NextOwner "5545jblg6jtk1cls0kh73309mtoa3i7s". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, RRSIG Validated: RRSIG-Owner rtgnitc8ksl4ihviur937rcags6rqlfo.shansen-online.de., Algorithm: 7, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.08.2021, 20:15:43 +, Signature-Inception: 23.07.2021, 20:15:43 +, KeyTag 26345, Signer-Name: shansen-online.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|