Zone (*) | DNSSEC - Informations |
---|
|
Zone: (root)
|
(root)
| 1 DS RR published
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0= |
|
|
| • Status: Valid because published
|
|
|
| 2 DNSKEY RR found
|
|
|
| Public Key with Algorithm 8, KeyTag 20038, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point) |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 20.09.2024, 00:00:00 +, Signature-Inception: 30.08.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root) |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: io
|
io
| 1 DS RR in the parent zone found
|
|
|
| DS with Algorithm 8, KeyTag 57355, DigestType 2 and Digest laV8O6t4SdvN33xyracaiBRrFBEQMYylvmcgV+hlw+I= |
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
| RRSIG-Owner io., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 18.09.2024, 05:00:00 +, Signature-Inception: 05.09.2024, 04:00:00 +, KeyTag 20038, Signer-Name: (root) |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20038 used to validate the DS RRSet in the parent zone
|
|
|
| 3 DNSKEY RR found
|
|
|
| Public Key with Algorithm 8, KeyTag 15621, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 25284, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 57355, Flags 257 (SEP = Secure Entry Point) |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner io., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2024, 16:12:54 +, Signature-Inception: 01.09.2024, 15:12:54 +, KeyTag 57355, Signer-Name: io |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57355 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 57355, DigestType 2 and Digest "laV8O6t4SdvN33xyracaiBRrFBEQMYylvmcgV+hlw+I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: johnley.io
|
johnley.io
| 1 DS RR in the parent zone found
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest AaspUisSptOGitKHqFOhCSm5MKBxqf9WDX3CxjuEV8A= |
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
| RRSIG-Owner johnley.io., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2024, 16:12:54 +, Signature-Inception: 01.09.2024, 15:12:54 +, KeyTag 25284, Signer-Name: io |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25284 used to validate the DS RRSet in the parent zone
|
|
|
| 2 DNSKEY RR found
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point) |
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256 |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner johnley.io., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 13.10.2024, 05:17:11 +, Signature-Inception: 13.08.2024, 05:17:11 +, KeyTag 2371, Signer-Name: johnley.io |
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "AaspUisSptOGitKHqFOhCSm5MKBxqf9WDX3CxjuEV8A=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: stream.johnley.io
|
stream.johnley.io
| 0 DS RR in the parent zone found
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "stream.johnley.io" and the NextOwner "\000.stream.johnley.io". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA |
|
|
| 0 DNSKEY RR found
|
|
|
| |
|
|
| RRSIG Type 1 validates the A - Result: 104.171.242.252
Validated: RRSIG-Owner dns.johnley.io., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 06.09.2024, 07:10:02 +, Signature-Inception: 04.09.2024, 05:10:02 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| RRSIG Type 5 validates the CNAME - Result: dns.johnley.io
Validated: RRSIG-Owner stream.johnley.io., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 06.09.2024, 07:10:02 +, Signature-Inception: 04.09.2024, 05:10:02 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "stream.johnley.io" equal the NSEC-owner "stream.johnley.io" and the NextOwner "\000.stream.johnley.io". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner stream.johnley.io., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:02 +, Signature-Inception: 04.09.2024, 05:10:02 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "stream.johnley.io" equal the NSEC-owner "stream.johnley.io" and the NextOwner "\000.stream.johnley.io". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner stream.johnley.io., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:02 +, Signature-Inception: 04.09.2024, 05:10:02 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query (_443._tcp.stream.johnley.io) sends a valid NSEC RR as result with the query name "_443._tcp.stream.johnley.io" equal the NSEC-owner "_443._tcp.stream.johnley.io" and the NextOwner "\000._443._tcp.stream.johnley.io". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC, 128 Validated: RRSIG-Owner _443._tcp.stream.johnley.io., Algorithm: 13, 5 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:02 +, Signature-Inception: 04.09.2024, 05:10:02 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "stream.johnley.io" equal the NSEC-owner "stream.johnley.io" and the NextOwner "\000.stream.johnley.io". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner stream.johnley.io., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:02 +, Signature-Inception: 04.09.2024, 05:10:02 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
Zone: www.stream.johnley.io
|
www.stream.johnley.io
| 0 DS RR in the parent zone found
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.stream.johnley.io" and the NextOwner "\000.www.stream.johnley.io". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: RRSIG, NSEC, 128 |
|
Zone: (root)
|
(root)
| 1 DS RR published
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0= |
|
|
| • Status: Valid because published
|
|
|
| 2 DNSKEY RR found
|
|
|
| Public Key with Algorithm 8, KeyTag 20038, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point) |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 20.09.2024, 00:00:00 +, Signature-Inception: 30.08.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root) |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: io
|
io
| 1 DS RR in the parent zone found
|
|
|
| DS with Algorithm 8, KeyTag 57355, DigestType 2 and Digest laV8O6t4SdvN33xyracaiBRrFBEQMYylvmcgV+hlw+I= |
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
| RRSIG-Owner io., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 18.09.2024, 05:00:00 +, Signature-Inception: 05.09.2024, 04:00:00 +, KeyTag 20038, Signer-Name: (root) |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20038 used to validate the DS RRSet in the parent zone
|
|
|
| 3 DNSKEY RR found
|
|
|
| Public Key with Algorithm 8, KeyTag 15621, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 25284, Flags 256 |
|
|
| Public Key with Algorithm 8, KeyTag 57355, Flags 257 (SEP = Secure Entry Point) |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner io., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2024, 16:12:54 +, Signature-Inception: 01.09.2024, 15:12:54 +, KeyTag 57355, Signer-Name: io |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 57355 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 57355, DigestType 2 and Digest "laV8O6t4SdvN33xyracaiBRrFBEQMYylvmcgV+hlw+I=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: johnley.io
|
johnley.io
| 1 DS RR in the parent zone found
|
|
|
| DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest AaspUisSptOGitKHqFOhCSm5MKBxqf9WDX3CxjuEV8A= |
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
| RRSIG-Owner johnley.io., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 22.09.2024, 16:12:54 +, Signature-Inception: 01.09.2024, 15:12:54 +, KeyTag 25284, Signer-Name: io |
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 25284 used to validate the DS RRSet in the parent zone
|
|
|
| 2 DNSKEY RR found
|
|
|
| Public Key with Algorithm 13, KeyTag 2371, Flags 257 (SEP = Secure Entry Point) |
|
|
| Public Key with Algorithm 13, KeyTag 34505, Flags 256 |
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
| RRSIG-Owner johnley.io., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 13.10.2024, 05:17:11 +, Signature-Inception: 13.08.2024, 05:17:11 +, KeyTag 2371, Signer-Name: johnley.io |
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 2371 used to validate the DNSKEY RRSet
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 2371, DigestType 2 and Digest "AaspUisSptOGitKHqFOhCSm5MKBxqf9WDX3CxjuEV8A=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
Zone: dns.johnley.io
|
dns.johnley.io
| 0 DS RR in the parent zone found
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "dns.johnley.io" and the NextOwner "\000.dns.johnley.io". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA |
|
|
| 0 DNSKEY RR found
|
|
|
| |
|
|
| RRSIG Type 1 validates the A - Result: 104.171.242.252
Validated: RRSIG-Owner dns.johnley.io., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 06.09.2024, 07:10:28 +, Signature-Inception: 04.09.2024, 05:10:28 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "dns.johnley.io" equal the NSEC-owner "dns.johnley.io" and the NextOwner "\000.dns.johnley.io". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner dns.johnley.io., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:28 +, Signature-Inception: 04.09.2024, 05:10:28 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "dns.johnley.io" equal the NSEC-owner "dns.johnley.io" and the NextOwner "\000.dns.johnley.io". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner dns.johnley.io., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:28 +, Signature-Inception: 04.09.2024, 05:10:28 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "dns.johnley.io" equal the NSEC-owner "dns.johnley.io" and the NextOwner "\000.dns.johnley.io". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI, CAA Validated: RRSIG-Owner dns.johnley.io., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:28 +, Signature-Inception: 04.09.2024, 05:10:28 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| TLSA-Query (_443._tcp.dns.johnley.io) sends a valid NSEC RR as result with the query name "_443._tcp.dns.johnley.io" equal the NSEC-owner "_443._tcp.dns.johnley.io" and the NextOwner "\000._443._tcp.dns.johnley.io". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: RRSIG, NSEC, 128 Validated: RRSIG-Owner _443._tcp.dns.johnley.io., Algorithm: 13, 5 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:28 +, Signature-Inception: 04.09.2024, 05:10:28 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "dns.johnley.io" equal the NSEC-owner "dns.johnley.io" and the NextOwner "\000.dns.johnley.io". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, 13, MX, TXT, AAAA, LOC, SRV, NAPTR, CERT, SSHFP, RRSIG, NSEC, TLSA, 53, HIP, 61, 64, 65, URI Validated: RRSIG-Owner dns.johnley.io., Algorithm: 13, 3 Labels, original TTL: 1800 sec, Signature-expiration: 06.09.2024, 07:10:28 +, Signature-Inception: 04.09.2024, 05:10:28 +, KeyTag 34505, Signer-Name: johnley.io |
|
|
| Status: Good. NoData-Proof required and found.
|