Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 59944, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 10.09.2019, 00:00:00 +, Signature-Inception: 20.08.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 11.09.2019, 05:00:00 +, Signature-Inception: 29.08.2019, 04:00:00 +, KeyTag 59944, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 17708, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 04.09.2019, 18:25:33 +, Signature-Inception: 20.08.2019, 18:20:33 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: vunn.com
|
|
vunn.com
| 1 DS RR in the parent zone found
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner vunn.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 05.09.2019, 05:47:12 +, Signature-Inception: 29.08.2019, 04:37:12 +, KeyTag 17708, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 17708 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 30227, Flags 256
|
|
|
|
|
| Public Key with Algorithm 7, KeyTag 31065, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner vunn.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 08:43:05 +, Signature-Inception: 26.08.2019, 07:43:05 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG-Owner vunn.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 08:43:05 +, Signature-Inception: 26.08.2019, 07:43:05 +, KeyTag 31065, Signer-Name: vunn.com
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 30227 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 7 and DNSKEY with KeyTag 31065 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 7, KeyTag 31065, DigestType 2 and Digest "kIuLsnCHOUdbJhZlu6O4yLJiM7pio+6pUfRlT9fRi7k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.228.136.144
Validated: RRSIG-Owner vunn.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 07:48:44 +, Signature-Inception: 26.08.2019, 07:43:05 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: v=spf1 ip4:217.10.14.233 ip4:217.10.14.44 ip4:185.228.136.144 ip4:188.68.45.194 ip4:5.189.136.46 ip4:173.249.21.64 ip6:2a02:c207:3002:7375::1/64 ip6:2a03:4000:23:8c::1/64 ~all
Validated: RRSIG-Owner vunn.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 13:19:20 +, Signature-Inception: 26.08.2019, 12:19:20 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A03:4000:0023:008C:0000:0000:0000:0001
Validated: RRSIG-Owner vunn.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 07:48:44 +, Signature-Inception: 26.08.2019, 07:43:05 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG Type 52 validates the TLSA - Result (_443._tcp.vunn.com): _443._tcp.vunn.com: CertUsage 2 (DANE-TA, Trust anchor assertion), Selector: 1 (SPKI, SubjectPublicKeyInfo), Matching: 1 (SHA2-256, 256 bit hash by SHA2), CertificateAssociationData: 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
Validated: RRSIG-Owner _443._tcp.vunn.com., Algorithm: 7, 4 Labels, original TTL: 259200 sec, Signature-expiration: 27.09.2019, 08:04:20 +, Signature-Inception: 28.08.2019, 07:04:20 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|iodefmailto:hostmaster@aw.net
5|issueletsencrypt.org
9|issuewildletsencrypt.org
Validated: RRSIG-Owner vunn.com., Algorithm: 7, 2 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 07:48:44 +, Signature-Inception: 26.08.2019, 07:43:05 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG Type 47, expiration 2019-09-25 07:48:44 + validates the NSEC RR that proves the not-existence of the CNAME RR. Owner vunn.com, NextOwner: _dmarc.vunn.com.
Bitmap: A, NS, SOA, MX, TXT, RP, AAAA, RRSIG, NSEC, DNSKEY, CAA
|
|
|
Zone: www.vunn.com
|
|
www.vunn.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.vunn.com" and the NextOwner "vunn.com". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, RP, AAAA, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 185.228.136.144
Validated: RRSIG-Owner www.vunn.com., Algorithm: 7, 3 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 08:41:51 +, Signature-Inception: 26.08.2019, 07:43:05 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2A03:4000:0023:008C:0000:0000:0000:0001
Validated: RRSIG-Owner www.vunn.com., Algorithm: 7, 3 Labels, original TTL: 259200 sec, Signature-expiration: 25.09.2019, 08:41:51 +, Signature-Inception: 26.08.2019, 07:43:05 +, KeyTag 30227, Signer-Name: vunn.com
|
|
|
|
|
| RRSIG Type 47, expiration 2019-09-25 08:41:51 + validates the NSEC RR that proves the not-existence of the CNAME RR. Owner www.vunn.com, NextOwner: vunn.com.
Bitmap: A, RP, AAAA, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-09-25 08:41:51 + validates the NSEC RR that proves the not-existence of the TXT RR. Owner www.vunn.com, NextOwner: vunn.com.
Bitmap: A, RP, AAAA, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-09-25 08:41:51 + validates the NSEC RR that proves the not-existence of the TLSA RR. Owner www.vunn.com, NextOwner: vunn.com.
Bitmap: A, RP, AAAA, RRSIG, NSEC
|
|
|
|
|
| RRSIG Type 47, expiration 2019-09-25 08:41:51 + validates the NSEC RR that proves the not-existence of the CAA RR. Owner www.vunn.com, NextOwner: vunn.com.
Bitmap: A, RP, AAAA, RRSIG, NSEC
|