Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 46780, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.12.2023, 00:00:00 +, Signature-Inception: 20.11.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: de
|
|
de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest 80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 03.12.2023, 05:00:00 +, Signature-Inception: 20.11.2023, 04:00:00 +, KeyTag 46780, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 46780 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 10209, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26755, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner de., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 30.11.2023, 23:44:41 +, Signature-Inception: 16.11.2023, 22:14:41 +, KeyTag 26755, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26755 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26755, DigestType 2 and Digest "80E1eAmllUMRzLgq3hFMbB1ySnXAOVE3qjl4A1Ql540=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: spitzbuwe.de
|
|
spitzbuwe.de
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 29381, DigestType 2 and Digest qjUYq5bxLeUDkp5SZpNoqSi1KJQy4kyMQ3vmSAeBblA=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner spitzbuwe.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 02.12.2023, 06:57:50 +, Signature-Inception: 18.11.2023, 05:27:50 +, KeyTag 10209, Signer-Name: de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 10209 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22213, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 29381, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner spitzbuwe.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| RRSIG-Owner spitzbuwe.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 29381, Signer-Name: spitzbuwe.de
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 22213 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 29381 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 29381, DigestType 2 and Digest "qjUYq5bxLeUDkp5SZpNoqSi1KJQy4kyMQ3vmSAeBblA=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 89.58.15.224
Validated: RRSIG-Owner spitzbuwe.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 a:mail.zupmail.de mx ?all
Validated: RRSIG-Owner spitzbuwe.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "3otqi5af07br1g70lsar0187bhmtq4pq" equal the hashed NSEC3-owner "3otqi5af07br1g70lsar0187bhmtq4pq" and the hashed NextOwner "60g9taqghel02d148act86tk109luu86". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "3otqi5af07br1g70lsar0187bhmtq4pq" equal the hashed NSEC3-owner "3otqi5af07br1g70lsar0187bhmtq4pq" and the hashed NextOwner "60g9taqghel02d148act86tk109luu86". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.spitzbuwe.de) sends a valid NSEC3 RR as result with the hashed owner name "mdmgu6kimksiq5e38ptkb2h4824n2hv0" (unhashed: _tcp.spitzbuwe.de). So that's the Closest Encloser of the query name.
Bitmap: No Bitmap? Validated: RRSIG-Owner mdmgu6kimksiq5e38ptkb2h4824n2hv0.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "5m4c1e7mfmcgs3ppkikt74lfton65aqo" (unhashed: *._tcp.spitzbuwe.de) with the owner "3otqi5af07br1g70lsar0187bhmtq4pq" and the NextOwner "60g9taqghel02d148act86tk109luu86". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.spitzbuwe.de) sends a valid NSEC3 RR as result with the hashed query name "q8nh0d6uh7hpkuhav581hbqkdo1hcjlt" between the hashed NSEC3-owner "otvtq446m35nljqa9vore94pk9fk09ph" and the hashed NextOwner "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: No Bitmap? Validated: RRSIG-Owner otvtq446m35nljqa9vore94pk9fk09ph.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "3otqi5af07br1g70lsar0187bhmtq4pq" equal the hashed NSEC3-owner "3otqi5af07br1g70lsar0187bhmtq4pq" and the hashed NextOwner "60g9taqghel02d148act86tk109luu86". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.spitzbuwe.de
|
|
www.spitzbuwe.de
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "3otqi5af07br1g70lsar0187bhmtq4pq" as Owner. That's the Hash of "spitzbuwe.de" with the NextHashedOwnerName "60g9taqghel02d148act86tk109luu86". So that domain name is the Closest Encloser of "www.spitzbuwe.de". Opt-Out: False.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| The ClosestEncloser says, that "*.spitzbuwe.de" with the Hash "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" and the Next Owner "3ortvlcnbchh03oc7g3ujlao75edp7lr", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: A, RRSIG Validated: RRSIG-Owner tdt0vo0s2k1pt19a2hcs4fhmpp28dofo.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 89.58.15.224. RRSIG Owner has 3 labels, RRSIG Labels = 2, so it's a wildcard expansion, the Query Name doesn't exists. An additional NSEC/NSEC3 is required to confirm the Not-Existence of the query name.
Validated: RRSIG-Owner www.spitzbuwe.de., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| A-Query sends a valid NSEC3 RR as result with the hashed owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" (unhashed: *.spitzbuwe.de) as the Wildcard-Expansion of the Closest Encloser of the query name "um50s1l4g85klm6bpo7pf5gis7q8llrd". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain). A-Query sends a valid NSEC3 RR as result with the owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" greater the NextOwner-Name "3ortvlcnbchh03oc7g3ujlao75edp7lr", so the NSEC3 covers the end of the zone. The hashed query name "um50s1l4g85klm6bpo7pf5gis7q8llrd" comes after the hashed Owner, so the zone confirmes the not-existence of that A RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner tdt0vo0s2k1pt19a2hcs4fhmpp28dofo.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed owner name "3otqi5af07br1g70lsar0187bhmtq4pq" (unhashed: spitzbuwe.de). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" (unhashed: *.spitzbuwe.de) as the Wildcard-Expansion of the Closest Encloser of the query name "um50s1l4g85klm6bpo7pf5gis7q8llrd". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain). CNAME-Query sends a valid NSEC3 RR as result with the owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" greater the NextOwner-Name "3ortvlcnbchh03oc7g3ujlao75edp7lr", so the NSEC3 covers the end of the zone. The hashed query name "um50s1l4g85klm6bpo7pf5gis7q8llrd" comes after the hashed Owner, so the zone confirmes the not-existence of that CNAME RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner tdt0vo0s2k1pt19a2hcs4fhmpp28dofo.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed owner name "3otqi5af07br1g70lsar0187bhmtq4pq" (unhashed: spitzbuwe.de). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" (unhashed: *.spitzbuwe.de) as the Wildcard-Expansion of the Closest Encloser of the query name "um50s1l4g85klm6bpo7pf5gis7q8llrd". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain). TXT-Query sends a valid NSEC3 RR as result with the owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" greater the NextOwner-Name "3ortvlcnbchh03oc7g3ujlao75edp7lr", so the NSEC3 covers the end of the zone. The hashed query name "um50s1l4g85klm6bpo7pf5gis7q8llrd" comes after the hashed Owner, so the zone confirmes the not-existence of that TXT RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner tdt0vo0s2k1pt19a2hcs4fhmpp28dofo.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed owner name "3otqi5af07br1g70lsar0187bhmtq4pq" (unhashed: spitzbuwe.de). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" (unhashed: *.spitzbuwe.de) as the Wildcard-Expansion of the Closest Encloser of the query name "um50s1l4g85klm6bpo7pf5gis7q8llrd". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain). AAAA-Query sends a valid NSEC3 RR as result with the owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" greater the NextOwner-Name "3ortvlcnbchh03oc7g3ujlao75edp7lr", so the NSEC3 covers the end of the zone. The hashed query name "um50s1l4g85klm6bpo7pf5gis7q8llrd" comes after the hashed Owner, so the zone confirmes the not-existence of that AAAA RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner tdt0vo0s2k1pt19a2hcs4fhmpp28dofo.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.spitzbuwe.de) sends a valid NSEC3 RR as result with the hashed owner name "3otqi5af07br1g70lsar0187bhmtq4pq" (unhashed: spitzbuwe.de). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "um50s1l4g85klm6bpo7pf5gis7q8llrd" (unhashed: www.spitzbuwe.de) with the owner "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" and the NextOwner "3ortvlcnbchh03oc7g3ujlao75edp7lr". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query sends a valid NSEC3 RR as result with the hashed owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" (unhashed: *.spitzbuwe.de) as the Wildcard-Expansion of the Closest Encloser of the query name "h0gb9g1mg10a6ci429q493ur84dclb0h". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain).
Bitmap: A, RRSIG Validated: RRSIG-Owner tdt0vo0s2k1pt19a2hcs4fhmpp28dofo.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed owner name "3otqi5af07br1g70lsar0187bhmtq4pq" (unhashed: spitzbuwe.de). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner 3otqi5af07br1g70lsar0187bhmtq4pq.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" (unhashed: *.spitzbuwe.de) as the Wildcard-Expansion of the Closest Encloser of the query name "um50s1l4g85klm6bpo7pf5gis7q8llrd". So the Wildcard-Expansion of the Closest Encloser confirms that the query name is generated via wildcard expansion (NoError instead of NXDomain). CAA-Query sends a valid NSEC3 RR as result with the owner name "tdt0vo0s2k1pt19a2hcs4fhmpp28dofo" greater the NextOwner-Name "3ortvlcnbchh03oc7g3ujlao75edp7lr", so the NSEC3 covers the end of the zone. The hashed query name "um50s1l4g85klm6bpo7pf5gis7q8llrd" comes after the hashed Owner, so the zone confirmes the not-existence of that CAA RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner tdt0vo0s2k1pt19a2hcs4fhmpp28dofo.spitzbuwe.de., Algorithm: 8, 3 Labels, original TTL: 86400 sec, Signature-expiration: 20.12.2023, 19:30:00 +, Signature-Inception: 19.11.2023, 19:30:00 +, KeyTag 22213, Signer-Name: spitzbuwe.de
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|