Zone (*) DNSSEC - Informations Zone : (root)(root) 1 DS RR published • Status: Valid because published2 DNSKEY RR found Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
Public Key with Algorithm 8, KeyTag 33853, Flags 256
1 RRSIG RR to validate DNSKEY RR found RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.04.2020, 00:00:00 +, Signature-Inception: 11.03.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zoneZone : comcom 1 DS RR in the parent zone found 1 RRSIG RR to validate DS RR found RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 29.03.2020, 05:00:00 +, Signature-Inception: 16.03.2020, 04:00:00 +, KeyTag 33853, Signer-Name: (root)
• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 33853 used to validate the DS RRSet in the parent zone2 DNSKEY RR found Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
Public Key with Algorithm 8, KeyTag 56311, Flags 256
1 RRSIG RR to validate DNSKEY RR found RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 21.03.2020, 19:24:21 +, Signature-Inception: 06.03.2020, 19:19:21 +, KeyTag 30909, Signer-Name: com
RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 21.03.2020, 19:24:21 +, Signature-Inception: 06.03.2020, 19:19:21 +, KeyTag 30909, Signer-Name: com
• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet• Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet• Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zoneZone : sneakerdraws.comsneakerdraws.com 0 DS RR in the parent zone found DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "t559gbdqfs1f4r4j6ta3ck4c2ka6fimc" between the hashed NSEC3-owner "t558qjf2o09u4l4v1r2k950mk26fegda" and the hashed NextOwner "t559uui18o9obknppf8lmnqnab6820nm". So the parent zone confirmes the not-existence of a DS RR.Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner t558qjf2o09u4l4v1r2k950mk26fegda.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.03.2020, 05:58:08 +, Signature-Inception: 13.03.2020, 04:48:08 +, KeyTag 56311, Signer-Name: com
1 DNSKEY RR found Public Key with Algorithm 13, KeyTag 12444, Flags 257 (SEP = Secure Entry Point)
1 RRSIG RR to validate DNSKEY RR found RRSIG-Owner sneakerdraws.com., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
• Status: Good - Algorithmus 13 and DNSKEY with KeyTag 12444 used to validate the DNSKEY RRSetError: DNSKEY 12444 signs DNSKEY RRset, but no confirming DS RR in the parent zone found. No chain of trust created. RRSIG Type 1 validates the A - Result: 188.225.25.117 Validated: RRSIG-Owner sneakerdraws.com., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
RRSIG Type 16 validates the TXT - Result: v=spf1 ip4:176.57.223.0/24 ip4:92.53.116.0/22 ip4:92.53.96.0/22 ip4:92.53.112.0/22 ip4:92.53.104.0/22 ip6:2a03:6f00::/32 ~all Validated: RRSIG-Owner sneakerdraws.com., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
RRSIG Type 28 validates the AAAA - Result: 2A03:6F00:0001:0000:0000:0000:5C35:607D Validated: RRSIG-Owner sneakerdraws.com., Algorithm: 13, 2 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
RRSIG Type 50, expiration 2020-03-26 00:00:00 + validates the NSEC3 RR that proves the not-existence of the CNAME RR. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM
RRSIG Type 50, expiration 2020-03-26 00:00:00 + validates the NSEC3 RR that proves the not-existence of the TLSA RR. Bitmap: A, TXT, AAAA, RRSIG
RRSIG Type 50, expiration 2020-03-26 00:00:00 + validates the NSEC3 RR that proves the not-existence of the TLSA RR. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM
RRSIG Type 50, expiration 2020-03-26 00:00:00 + validates the NSEC3 RR that proves the not-existence of the CAA RR. Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM
Zone : www.sneakerdraws.comwww.sneakerdraws.com 0 DS RR in the parent zone found DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "1hibth5d3pdnj6dl4av781er5r6nd50t" between the hashed NSEC3-owner "1hibth5d3pdnj6dl4av781er5r6nd50t" and the hashed NextOwner "75sop5v0vegu0bk5h6k8cc3mon6bvac2". So the parent zone confirmes the not-existence of a DS RR.Bitmap: A, TXT, AAAA, RRSIG Validated: RRSIG-Owner 1hibth5d3pdnj6dl4av781er5r6nd50t.sneakerdraws.com., Algorithm: 13, 3 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
RRSIG Type 1 validates the A - Result: 188.225.25.117 Validated: RRSIG-Owner www.sneakerdraws.com., Algorithm: 13, 3 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
RRSIG Type 16 validates the TXT - Result: v=spf1 ip4:176.57.223.0/24 ip4:92.53.116.0/22 ip4:92.53.96.0/22 ip4:92.53.112.0/22 ip4:92.53.104.0/22 ip6:2a03:6f00::/32 ~all Validated: RRSIG-Owner www.sneakerdraws.com., Algorithm: 13, 3 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
RRSIG Type 28 validates the AAAA - Result: 2A03:6F00:0001:0000:0000:0000:5C35:607D Validated: RRSIG-Owner www.sneakerdraws.com., Algorithm: 13, 3 Labels, original TTL: 600 sec, Signature-expiration: 26.03.2020, 00:00:00 +, Signature-Inception: 05.03.2020, 00:00:00 +, KeyTag 12444, Signer-Name: sneakerdraws.com
RRSIG Type 50, expiration 2020-03-26 00:00:00 + validates the NSEC3 RR that proves the not-existence of the CNAME RR. Bitmap: A, TXT, AAAA, RRSIG
RRSIG Type 50, expiration 2020-03-26 00:00:00 + validates the NSEC3 RR that proves the not-existence of the TLSA RR. Bitmap: A, TXT, AAAA, RRSIG
RRSIG Type 50, expiration 2020-03-26 00:00:00 + validates the NSEC3 RR that proves the not-existence of the CAA RR. Bitmap: A, TXT, AAAA, RRSIG