Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 951, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 11.02.2023, 00:00:00 +, Signature-Inception: 21.01.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 06.02.2023, 22:00:00 +, Signature-Inception: 24.01.2023, 21:00:00 +, KeyTag 951, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 951 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 36739, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.02.2023, 18:24:21 +, Signature-Inception: 20.01.2023, 18:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: vetterdev.com
|
|
vetterdev.com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 12739, DigestType 2 and Digest Cyu5iKT8y0rodRIpIvwihxlJ5CW/46B/m6xQUmIvkSw=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner vetterdev.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 29.01.2023, 20:17:33 +, Signature-Inception: 22.01.2023, 19:07:33 +, KeyTag 36739, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 36739 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 12739, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 41370, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner vetterdev.com., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 12739, Signer-Name: vetterdev.com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 12739 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 12739, DigestType 2 and Digest "Cyu5iKT8y0rodRIpIvwihxlJ5CW/46B/m6xQUmIvkSw=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 24.220.59.115
Validated: RRSIG-Owner vetterdev.com., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 include:_spf.google.com ~all
Validated: RRSIG-Owner vetterdev.com., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "ghgsbrdm3o4t1dq0qku90ginkuljg9ma" equal the hashed NSEC3-owner "ghgsbrdm3o4t1dq0qku90ginkuljg9ma" and the hashed NextOwner "mcj48prkdo3uptrdq5flqkst7rdec0ar". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CDS, 99 Validated: RRSIG-Owner ghgsbrdm3o4t1dq0qku90ginkuljg9ma.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "ghgsbrdm3o4t1dq0qku90ginkuljg9ma" equal the hashed NSEC3-owner "ghgsbrdm3o4t1dq0qku90ginkuljg9ma" and the hashed NextOwner "mcj48prkdo3uptrdq5flqkst7rdec0ar". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CDS, 99 Validated: RRSIG-Owner ghgsbrdm3o4t1dq0qku90ginkuljg9ma.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.vetterdev.com) sends a valid NSEC3 RR as result with the hashed owner name "ghgsbrdm3o4t1dq0qku90ginkuljg9ma" (unhashed: vetterdev.com). So that's the Closest Encloser of the query name.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CDS, 99 Validated: RRSIG-Owner ghgsbrdm3o4t1dq0qku90ginkuljg9ma.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "5690k0q8usfas76o4qvf235c11jn697s" (unhashed: _tcp.vetterdev.com) with the owner "uvv1vrljabs3sro93vt9tvp0esmr1gj0" and the NextOwner "8j85ldq66v05fqa65739ol4ag7ma47mb". So that NSEC3 confirms the not-existence of the Next Closer Name. TLSA-Query (_443._tcp.vetterdev.com) sends a valid NSEC3 RR as result with the owner name "uvv1vrljabs3sro93vt9tvp0esmr1gj0" greater the NextOwner-Name "8j85ldq66v05fqa65739ol4ag7ma47mb", so the NSEC3 covers the end of the zone. The hashed query name "1934u817f4cv5p36cvenc2aggv2dv6vc" comes before the hashed NextOwner, so the zone confirmes the not-existence of that TLSA RR.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner uvv1vrljabs3sro93vt9tvp0esmr1gj0.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "sv68a3ihb9vjtlsobnmpl1c5hg7dh6dv" (unhashed: *.vetterdev.com) with the owner "pt622ffnf27e7uah05t2s6aj14l0ctsv" and the NextOwner "u1h8b915pdrmnavapn4l85dsd5lhvlh7". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: No Bitmap? Validated: RRSIG-Owner pt622ffnf27e7uah05t2s6aj14l0ctsv.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "ghgsbrdm3o4t1dq0qku90ginkuljg9ma" equal the hashed NSEC3-owner "ghgsbrdm3o4t1dq0qku90ginkuljg9ma" and the hashed NextOwner "mcj48prkdo3uptrdq5flqkst7rdec0ar". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, NS, SOA, MX, TXT, RRSIG, DNSKEY, NSEC3PARAM, CDS, 99 Validated: RRSIG-Owner ghgsbrdm3o4t1dq0qku90ginkuljg9ma.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.vetterdev.com
|
|
www.vetterdev.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "u1h8b915pdrmnavapn4l85dsd5lhvlh7" between the hashed NSEC3-owner "u1h8b915pdrmnavapn4l85dsd5lhvlh7" and the hashed NextOwner "uvv1vrljabs3sro93vt9tvp0esmr1gj0". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner u1h8b915pdrmnavapn4l85dsd5lhvlh7.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 24.220.59.115
Validated: RRSIG-Owner www.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "u1h8b915pdrmnavapn4l85dsd5lhvlh7" equal the hashed NSEC3-owner "u1h8b915pdrmnavapn4l85dsd5lhvlh7" and the hashed NextOwner "uvv1vrljabs3sro93vt9tvp0esmr1gj0". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner u1h8b915pdrmnavapn4l85dsd5lhvlh7.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "u1h8b915pdrmnavapn4l85dsd5lhvlh7" equal the hashed NSEC3-owner "u1h8b915pdrmnavapn4l85dsd5lhvlh7" and the hashed NextOwner "uvv1vrljabs3sro93vt9tvp0esmr1gj0". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner u1h8b915pdrmnavapn4l85dsd5lhvlh7.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "u1h8b915pdrmnavapn4l85dsd5lhvlh7" equal the hashed NSEC3-owner "u1h8b915pdrmnavapn4l85dsd5lhvlh7" and the hashed NextOwner "uvv1vrljabs3sro93vt9tvp0esmr1gj0". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner u1h8b915pdrmnavapn4l85dsd5lhvlh7.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.vetterdev.com) sends a valid NSEC3 RR as result with the hashed owner name "u1h8b915pdrmnavapn4l85dsd5lhvlh7" (unhashed: www.vetterdev.com). So that's the Closest Encloser of the query name.
Bitmap: A, RRSIG Validated: RRSIG-Owner u1h8b915pdrmnavapn4l85dsd5lhvlh7.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "05qu2jo8eeqfivd1md19t0n5kpkj7i52" (unhashed: _tcp.www.vetterdev.com) with the owner "uvv1vrljabs3sro93vt9tvp0esmr1gj0" and the NextOwner "8j85ldq66v05fqa65739ol4ag7ma47mb". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: TXT, RRSIG Validated: RRSIG-Owner uvv1vrljabs3sro93vt9tvp0esmr1gj0.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "tcgomuk7tgtim2mna7b6u4me7p1edvci" (unhashed: *.www.vetterdev.com) with the owner "pt622ffnf27e7uah05t2s6aj14l0ctsv" and the NextOwner "u1h8b915pdrmnavapn4l85dsd5lhvlh7". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: No Bitmap? Validated: RRSIG-Owner pt622ffnf27e7uah05t2s6aj14l0ctsv.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "u1h8b915pdrmnavapn4l85dsd5lhvlh7" equal the hashed NSEC3-owner "u1h8b915pdrmnavapn4l85dsd5lhvlh7" and the hashed NextOwner "uvv1vrljabs3sro93vt9tvp0esmr1gj0". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner u1h8b915pdrmnavapn4l85dsd5lhvlh7.vetterdev.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 12.02.2023, 20:17:33 +, Signature-Inception: 21.01.2023, 20:17:33 +, KeyTag 41370, Signer-Name: vetterdev.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|