Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 22545, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 31.12.2019, 00:00:00 +, Signature-Inception: 10.12.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: nl
|
|
nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 29.12.2019, 17:00:00 +, Signature-Inception: 16.12.2019, 16:00:00 +, KeyTag 22545, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 22545 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 34112, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 34498, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner nl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 30.12.2019, 17:36:12 +, Signature-Inception: 16.12.2019, 05:38:02 +, KeyTag 34112, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34112 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 34112, DigestType 2 and Digest "PFtfmzVXRVxQdRqb6evpI4yI4Z9fB/kwl2kXtRuVzSI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: tweedekamer.nl
|
|
tweedekamer.nl
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner tweedekamer.nl., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 25.12.2019, 04:36:49 +, Signature-Inception: 11.12.2019, 03:08:02 +, KeyTag 34498, Signer-Name: nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 34498 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 5568, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 38842, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner tweedekamer.nl., Algorithm: 8, 2 Labels, original TTL: 172800 sec, Signature-expiration: 20.12.2019, 17:51:17 +, Signature-Inception: 16.12.2019, 17:10:01 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG-Owner tweedekamer.nl., Algorithm: 8, 2 Labels, original TTL: 172800 sec, Signature-expiration: 20.12.2019, 17:51:17 +, Signature-Inception: 16.12.2019, 17:10:01 +, KeyTag 38842, Signer-Name: tweedekamer.nl
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5568 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 38842 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 38842, DigestType 2 and Digest "SUeiBqAH2buFZfxSY8Xt0NjnNn5UC3ADYDsAKd05k0A=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 80.95.173.105
Validated: RRSIG-Owner tweedekamer.nl., Algorithm: 8, 2 Labels, original TTL: 900 sec, Signature-expiration: 20.12.2019, 04:21:53 +, Signature-Inception: 16.12.2019, 03:39:38 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: MS=ms35452888
hqsbtrmg7fqi4anu31qbkorlk3
citrix.mobile.ads.otp=vhbuo4h4wi698f0xczg7
Tweede Kamer der Staten-Generaal, Dutch Parliament
google-site-verification=syMQgaMzj3S01l4B8PbkO--lznYFlHvZRvVQbCEvo9A
v=spf1 mx a:www.tweedekamer.nl ip4:213.207.90.158 ip4:34.252.27.239 ip4:34.251.157.56 include:_spf.intermax.nl -all
Validated: RRSIG-Owner tweedekamer.nl., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 20.12.2019, 14:22:35 +, Signature-Inception: 16.12.2019, 13:31:28 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:4C10:0005:0623:0000:0000:0000:0105
Validated: RRSIG-Owner tweedekamer.nl., Algorithm: 8, 2 Labels, original TTL: 900 sec, Signature-expiration: 20.12.2019, 10:19:30 +, Signature-Inception: 16.12.2019, 10:05:07 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 52 validates the TLSA - Result (_443._tcp.tweedekamer.nl): _443._tcp.tweedekamer.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 6c1c001756c3bce6395f5491c2fa51a557374008270d8434a32b6a1a387bbb04
Validated: RRSIG-Owner _443._tcp.tweedekamer.nl., Algorithm: 8, 4 Labels, original TTL: 900 sec, Signature-expiration: 20.12.2019, 03:03:24 +, Signature-Inception: 16.12.2019, 02:43:52 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 50, expiration 2019-12-20 15:45:35 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM
|
|
|
|
|
| RRSIG Type 50, expiration 2019-12-20 15:45:35 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, NS, SOA, MX, TXT, AAAA, RRSIG, DNSKEY, NSEC3PARAM
|
|
|
Zone: www.tweedekamer.nl
|
|
www.tweedekamer.nl
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "634umd1u2diq3t7o500e1lpdiq6pgha4" between the hashed NSEC3-owner "634umd1u2diq3t7o500e1lpdiq6pgha4" and the hashed NextOwner "67o2sb0sp04ui8vefii07ga333h69vs8". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, AAAA, RRSIG Validated: RRSIG-Owner 634umd1u2diq3t7o500e1lpdiq6pgha4.tweedekamer.nl., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 20.12.2019, 14:22:35 +, Signature-Inception: 16.12.2019, 13:31:28 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 80.95.173.105
Validated: RRSIG-Owner www.tweedekamer.nl., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 20.12.2019, 17:23:15 +, Signature-Inception: 16.12.2019, 17:15:59 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:4C10:0005:0623:0000:0000:0000:0105
Validated: RRSIG-Owner www.tweedekamer.nl., Algorithm: 8, 3 Labels, original TTL: 900 sec, Signature-expiration: 20.12.2019, 17:39:06 +, Signature-Inception: 16.12.2019, 16:55:30 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 52 validates the TLSA - Result (_443._tcp.www.tweedekamer.nl): _443._tcp.www.tweedekamer.nl: CertUsage 3 (DANE-EE, Domain-issued certificate), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 6c1c001756c3bce6395f5491c2fa51a557374008270d8434a32b6a1a387bbb04
Validated: RRSIG-Owner _443._tcp.www.tweedekamer.nl., Algorithm: 8, 5 Labels, original TTL: 900 sec, Signature-expiration: 20.12.2019, 03:03:24 +, Signature-Inception: 16.12.2019, 02:43:52 +, KeyTag 5568, Signer-Name: tweedekamer.nl
|
|
|
|
|
| RRSIG Type 50, expiration 2019-12-20 14:22:35 + validates the NSEC3 RR that proves the not-existence of the CNAME RR.
Bitmap: A, AAAA, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-12-20 14:22:35 + validates the NSEC3 RR that proves the not-existence of the TXT RR.
Bitmap: A, AAAA, RRSIG
|
|
|
|
|
| RRSIG Type 50, expiration 2019-12-20 14:22:35 + validates the NSEC3 RR that proves the not-existence of the CAA RR.
Bitmap: A, AAAA, RRSIG
|