Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 14748, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.12.2021, 00:00:00 +, Signature-Inception: 10.11.2021, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: fr
|
|
fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 51508, DigestType 2 and Digest GzOGhk0wzMj0VBuYW/LKMg5PUsV8UzU/bSnJrVilZx8=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 27.11.2021, 17:00:00 +, Signature-Inception: 14.11.2021, 16:00:00 +, KeyTag 14748, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 14748 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 26526, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 38315, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 51508, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner fr., Algorithm: 13, 1 Labels, original TTL: 172800 sec, Signature-expiration: 09.01.2022, 17:15:36 +, Signature-Inception: 10.11.2021, 16:15:37 +, KeyTag 51508, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 51508 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 51508, DigestType 2 and Digest "GzOGhk0wzMj0VBuYW/LKMg5PUsV8UzU/bSnJrVilZx8=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: stevensimon.fr
|
|
stevensimon.fr
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 41482, DigestType 2 and Digest gfbLNfYUEKdiVD8YuCmIMpkxRRMXlIOGJz2oUyJ9/DE=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner stevensimon.fr., Algorithm: 13, 2 Labels, original TTL: 172800 sec, Signature-expiration: 06.12.2021, 21:14:03 +, Signature-Inception: 07.10.2021, 20:25:46 +, KeyTag 38315, Signer-Name: fr
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 38315 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 17, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 41482, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner stevensimon.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| RRSIG-Owner stevensimon.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 41482, Signer-Name: stevensimon.fr
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 41482 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 41482, DigestType 2 and Digest "gfbLNfYUEKdiVD8YuCmIMpkxRRMXlIOGJz2oUyJ9/DE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 54.38.240.118
Validated: RRSIG-Owner stevensimon.fr., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: 1|www.stevensimon.fr
v=spf1 include:mx.ovh.com ~all
Validated: RRSIG-Owner stevensimon.fr., Algorithm: 8, 2 Labels, original TTL: 600 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "e54l493933fktisrue3ceqo37un1jhae" equal the hashed NSEC3-owner "e54l493933fktisrue3ceqo37un1jhae" and the hashed NextOwner "hf3nc2bto41096oghfr7e4tg4tgjl2b6". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner e54l493933fktisrue3ceqo37un1jhae.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "e54l493933fktisrue3ceqo37un1jhae" equal the hashed NSEC3-owner "e54l493933fktisrue3ceqo37un1jhae" and the hashed NextOwner "hf3nc2bto41096oghfr7e4tg4tgjl2b6". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner e54l493933fktisrue3ceqo37un1jhae.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.stevensimon.fr) sends a valid NSEC3 RR as result with the hashed owner name "dlk26ao64igqa6ekl7p8l5qkk4dttbvl" (unhashed: _tcp.stevensimon.fr). So that's the Closest Encloser of the query name.
Bitmap: No Bitmap? Validated: RRSIG-Owner dlk26ao64igqa6ekl7p8l5qkk4dttbvl.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.stevensimon.fr) sends a valid NSEC3 RR as result with the hashed query name "j240all7q33qftfnl4095l4tmh84miqn" between the hashed NSEC3-owner "hf3nc2bto41096oghfr7e4tg4tgjl2b6" and the hashed NextOwner "j9q7hnltp1k4nhak79q0up4btv12p2fr". So the zone confirmes the not-existence of that TLSA RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner hf3nc2bto41096oghfr7e4tg4tgjl2b6.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "ag11lmvaaakb3mts3nrg4307hkapcrka" (unhashed: *._tcp.stevensimon.fr) with the owner "acb43080m6ski6n0et1oid960lniusm0" and the NextOwner "dlk26ao64igqa6ekl7p8l5qkk4dttbvl". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner acb43080m6ski6n0et1oid960lniusm0.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "e54l493933fktisrue3ceqo37un1jhae" equal the hashed NSEC3-owner "e54l493933fktisrue3ceqo37un1jhae" and the hashed NextOwner "hf3nc2bto41096oghfr7e4tg4tgjl2b6". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner e54l493933fktisrue3ceqo37un1jhae.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.stevensimon.fr
|
|
www.stevensimon.fr
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "jbnrsjpuo1u1qvpt6kuq7ba0s25l316g" between the hashed NSEC3-owner "jbnrsjpuo1u1qvpt6kuq7ba0s25l316g" and the hashed NextOwner "ru9b1ihbi362p8lffg67qdeomu258ete". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner jbnrsjpuo1u1qvpt6kuq7ba0s25l316g.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 54.38.240.118
Validated: RRSIG-Owner www.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: l|fr
3|welcome
Validated: RRSIG-Owner www.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 32773|issueletsencrypt.org
Validated: RRSIG-Owner www.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "jbnrsjpuo1u1qvpt6kuq7ba0s25l316g" equal the hashed NSEC3-owner "jbnrsjpuo1u1qvpt6kuq7ba0s25l316g" and the hashed NextOwner "ru9b1ihbi362p8lffg67qdeomu258ete". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner jbnrsjpuo1u1qvpt6kuq7ba0s25l316g.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "jbnrsjpuo1u1qvpt6kuq7ba0s25l316g" equal the hashed NSEC3-owner "jbnrsjpuo1u1qvpt6kuq7ba0s25l316g" and the hashed NextOwner "ru9b1ihbi362p8lffg67qdeomu258ete". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner jbnrsjpuo1u1qvpt6kuq7ba0s25l316g.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.stevensimon.fr) sends a valid NSEC3 RR as result with the hashed owner name "jbnrsjpuo1u1qvpt6kuq7ba0s25l316g" (unhashed: www.stevensimon.fr). So that's the Closest Encloser of the query name.
Bitmap: A, TXT, RRSIG, CAA Validated: RRSIG-Owner jbnrsjpuo1u1qvpt6kuq7ba0s25l316g.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "uqftmb93nos36lhc32j5a7j9jqovnqi1" (unhashed: _tcp.www.stevensimon.fr) with the owner "ru9b1ihbi362p8lffg67qdeomu258ete" and the NextOwner "0999n6nmaadhnqg6g4ithvqj257pkgu4". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query (_443._tcp.www.stevensimon.fr) sends a valid NSEC3 RR as result with the owner name "ru9b1ihbi362p8lffg67qdeomu258ete" greater the NextOwner-Name "0999n6nmaadhnqg6g4ithvqj257pkgu4", so the NSEC3 covers the end of the zone. The hashed query name "u62fihkm7l85pcde8ca93n7jac3m8jdj" comes after the hashed Owner, so the zone confirmes the not-existence of that TLSA RR.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner ru9b1ihbi362p8lffg67qdeomu258ete.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "ecgnba6t17u98vuvin3mthlk7v6cf5g8" (unhashed: *.www.stevensimon.fr) with the owner "e54l493933fktisrue3ceqo37un1jhae" and the NextOwner "hf3nc2bto41096oghfr7e4tg4tgjl2b6". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM Validated: RRSIG-Owner e54l493933fktisrue3ceqo37un1jhae.stevensimon.fr., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 14.12.2021, 14:08:43 +, Signature-Inception: 14.11.2021, 14:08:43 +, KeyTag 17, Signer-Name: stevensimon.fr
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|