Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 5613, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20038, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.07.2024, 00:00:00 +, Signature-Inception: 01.07.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: org
|
|
org
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.07.2024, 20:00:00 +, Signature-Inception: 09.07.2024, 19:00:00 +, KeyTag 20038, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20038 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26974, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 36783, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 54228, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner org., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 30.07.2024, 15:22:51 +, Signature-Inception: 09.07.2024, 14:22:51 +, KeyTag 26974, Signer-Name: org
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26974 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 26974, DigestType 2 and Digest "T+3ilMU/Q4oVjEHTlInNeKhr6w2KCur/FHRcDRbh3jI=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: wellnestla.org
|
|
wellnestla.org
| 3 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 9940, DigestType 1 and Digest rYzbtN7RYhA5u0Vdq+ZCWip90nE=
|
|
|
|
|
| DS with Algorithm 13, KeyTag 9940, DigestType 2 and Digest XhzFEZdKkQUfnednW+tHV35/7XNF33sqcHzRIkxvEfs=
|
|
|
|
|
| DS with Algorithm 13, KeyTag 9940, DigestType 4 and Digest 8divSQcc+Z0doCZP7d4qqAHWGMVsz6XFwjtoPs5qOqxdGbmYl7xiLTkVzeAa4Xd+
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner wellnestla.org., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 30.07.2024, 15:22:51 +, Signature-Inception: 09.07.2024, 14:22:51 +, KeyTag 36783, Signer-Name: org
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 36783 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 9940, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 9940 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 9940, DigestType 1 and Digest "rYzbtN7RYhA5u0Vdq+ZCWip90nE=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 9940, DigestType 2 and Digest "XhzFEZdKkQUfnednW+tHV35/7XNF33sqcHzRIkxvEfs=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 9940, DigestType 4 and Digest "8divSQcc+Z0doCZP7d4qqAHWGMVsz6XFwjtoPs5qOqxdGbmYl7xiLTkVzeAa4Xd+" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 66.42.80.63
Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 7200 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: MS=ms18992778
apple-domain-verification=Hv3R5Xp0VJFxuT4V
google-site-verification=3w2kxD--IDw21BZgEhExAil4wYQVQafKiZLczJxWIz4
sophos-domain-verification=fb164ad978d41aeb1dba87ccc18f2b37ca4a810bab78f0d447da28b14465cc0e
atlassian-domain-verification=Fx3Uxa3cdt973Jq4RLg8s9hTm441PAfuANk7FGDS0UniNPjtB3r5yzy/8/scW5hW
v=spf1 include:_spf.neonemails.com ip4:192.168.0.1/16 include:spf.protection.outlook.com include:mail.zendesk.com ~all
Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 7200 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| RRSIG Type 257 validates the CAA - Result: 5|issueletsencrypt.org
Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 900 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the NSEC-owner "wellnestla.org" equal the NextOwner "wellnestla.org". So the zone confirmes that no other domain name exists.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the NSEC-owner "wellnestla.org" equal the NextOwner "wellnestla.org". So the zone confirmes that no other domain name exists.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.wellnestla.org) sends a valid NSEC RR as result with the NSEC-owner "wellnestla.org" equal the NextOwner "wellnestla.org". So the zone confirmes that no other domain name exists.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC-Records, so DNSSEC works.
|
|
|
Zone: www.wellnestla.org
|
|
www.wellnestla.org
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "wellnestla.org" and the NextOwner "wellnestla.org". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 66.42.80.63
Validated: RRSIG-Owner www.wellnestla.org., Algorithm: 13, 3 Labels, original TTL: 7200 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| RRSIG Type 16 validates the TXT - Result: sophos-domain-verification=c33d77a23f2fdedbadc3c878e89f8e5f1b264f394822f6bb9cccaa581853f0a1
Validated: RRSIG-Owner www.wellnestla.org., Algorithm: 13, 3 Labels, original TTL: 7200 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| TLSA-Query (_443._tcp.www.wellnestla.org) sends a valid NSEC RR as result with the NSEC-owner "wellnestla.org" equal the NextOwner "wellnestla.org". So the zone confirmes that no other domain name exists.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the NSEC-owner "wellnestla.org" equal the NextOwner "wellnestla.org". So the zone confirmes that no other domain name exists.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC-Records, so DNSSEC works.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the NSEC-owner "wellnestla.org" equal the NextOwner "wellnestla.org". So the zone confirmes that no other domain name exists.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC-Records, so DNSSEC works.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the NSEC-owner "wellnestla.org" equal the NextOwner "wellnestla.org". So the zone confirmes that no other domain name exists.
Bitmap: A, NS, SOA, MX, TXT, RRSIG, NSEC, DNSKEY, CAA Validated: RRSIG-Owner wellnestla.org., Algorithm: 13, 2 Labels, original TTL: 3600 sec, Signature-expiration: 18.07.2024, 00:00:00 +, Signature-Inception: 27.06.2024, 00:00:00 +, KeyTag 9940, Signer-Name: wellnestla.org
|
|
|
|
|
| Status: Fatal / bogus. NoError+NoDataResult sent, the answer says, the query name exists, the NSEC covers the Query Name, but there are not enough informations about wildcards: NoError - there must be a confirmed wildcard expansion to create the query name. Recalculate the zone or update the name server software. Or there is a Man in the middle, who has removed one of the required NSEC-Records, so DNSSEC works.
|