Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 26116, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 21.11.2020, 00:00:00 +, Signature-Inception: 31.10.2020, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: com
|
|
com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest 4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 22.11.2020, 05:00:00 +, Signature-Inception: 09.11.2020, 04:00:00 +, KeyTag 26116, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 26116 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30909, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 31510, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner com., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 16.11.2020, 19:24:21 +, Signature-Inception: 01.11.2020, 19:19:21 +, KeyTag 30909, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 30909 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 30909, DigestType 2 and Digest "4tPJFvbe6scylOgmj7WIUESoM/xUWViPSpGEz8QaV2Y=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ipv6-things.com
|
|
ipv6-things.com
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 40439, DigestType 2 and Digest Dc946c81WL+SiukYBzxxC6VJC0tpNgRcpvLVggzdg/Q=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner ipv6-things.com., Algorithm: 8, 2 Labels, original TTL: 86400 sec, Signature-expiration: 16.11.2020, 10:32:10 +, Signature-Inception: 09.11.2020, 09:22:10 +, KeyTag 31510, Signer-Name: com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 31510 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 40439, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 63255, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner ipv6-things.com., Algorithm: 8, 2 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 40439, Signer-Name: ipv6-things.com
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 40439 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 40439, DigestType 2 and Digest "Dc946c81WL+SiukYBzxxC6VJC0tpNgRcpvLVggzdg/Q=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: www2.ipv6-things.com
|
|
www2.ipv6-things.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "k3vdero8dlj5rambvjnjcgtgrkbsckck" between the hashed NSEC3-owner "k3vdero8dlj5rambvjnjcgtgrkbsckck" and the hashed NextOwner "kthcu4siuim3paed0p9it08g28pcjse8". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner k3vdero8dlj5rambvjnjcgtgrkbsckck.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2602:0806:A003:040E:0000:0000:0001:0005
Validated: RRSIG-Owner www2.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 3600 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| A-Query sends a valid NSEC3 RR as result with the hashed query name "k3vdero8dlj5rambvjnjcgtgrkbsckck" equal the hashed NSEC3-owner "k3vdero8dlj5rambvjnjcgtgrkbsckck" and the hashed NextOwner "kthcu4siuim3paed0p9it08g28pcjse8". So the zone confirmes the not-existence of that A RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner k3vdero8dlj5rambvjnjcgtgrkbsckck.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "k3vdero8dlj5rambvjnjcgtgrkbsckck" equal the hashed NSEC3-owner "k3vdero8dlj5rambvjnjcgtgrkbsckck" and the hashed NextOwner "kthcu4siuim3paed0p9it08g28pcjse8". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner k3vdero8dlj5rambvjnjcgtgrkbsckck.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "k3vdero8dlj5rambvjnjcgtgrkbsckck" equal the hashed NSEC3-owner "k3vdero8dlj5rambvjnjcgtgrkbsckck" and the hashed NextOwner "kthcu4siuim3paed0p9it08g28pcjse8". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner k3vdero8dlj5rambvjnjcgtgrkbsckck.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www2.ipv6-things.com) sends a valid NSEC3 RR as result with the hashed owner name "k3vdero8dlj5rambvjnjcgtgrkbsckck" (unhashed: www2.ipv6-things.com). So that's the Closest Encloser of the query name.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner k3vdero8dlj5rambvjnjcgtgrkbsckck.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "3230jkmvg76tmkckfuaorg67gu4f4g6m" (unhashed: _tcp.www2.ipv6-things.com) with the owner "2jvogg91191odeuhh3kk0gg9090e2o48" and the NextOwner "5cg39f9ucm9rkje0oam7j3pucrdma3h0". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner 2jvogg91191odeuhh3kk0gg9090e2o48.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "0uqs619kp01pp1uvp2nuuknhc7bdp1mb" (unhashed: *.www2.ipv6-things.com) with the owner "014jfn7q0ni6eb4k90h6csaq9mgoq3r7" and the NextOwner "1lrobit27jno9l65eobvisgh83mhkmfb". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner 014jfn7q0ni6eb4k90h6csaq9mgoq3r7.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "k3vdero8dlj5rambvjnjcgtgrkbsckck" equal the hashed NSEC3-owner "k3vdero8dlj5rambvjnjcgtgrkbsckck" and the hashed NextOwner "kthcu4siuim3paed0p9it08g28pcjse8". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner k3vdero8dlj5rambvjnjcgtgrkbsckck.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.www2.ipv6-things.com
|
|
www.www2.ipv6-things.com
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "jk2vcques0sjvl3dfvvfbgfk6v5fj58p" between the hashed NSEC3-owner "hu6c8l40baoptr6r2jum4riklg98m51g" and the hashed NextOwner "k3vdero8dlj5rambvjnjcgtgrkbsckck". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner hu6c8l40baoptr6r2jum4riklg98m51g.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "k3vdero8dlj5rambvjnjcgtgrkbsckck" as Owner. That's the Hash of "www2.ipv6-things.com" with the NextHashedOwnerName "kthcu4siuim3paed0p9it08g28pcjse8". So that domain name is the Closest Encloser of "www.www2.ipv6-things.com". Opt-Out: False.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner k3vdero8dlj5rambvjnjcgtgrkbsckck.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|
|
|
|
|
| The ClosestEncloser says, that "*.www2.ipv6-things.com" with the Hash "0uqs619kp01pp1uvp2nuuknhc7bdp1mb" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "014jfn7q0ni6eb4k90h6csaq9mgoq3r7" and the Next Owner "1lrobit27jno9l65eobvisgh83mhkmfb", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: AAAA, RRSIG Validated: RRSIG-Owner 014jfn7q0ni6eb4k90h6csaq9mgoq3r7.ipv6-things.com., Algorithm: 8, 3 Labels, original TTL: 300 sec, Signature-expiration: 30.11.2020, 10:30:49 +, Signature-Inception: 08.11.2020, 10:30:49 +, KeyTag 63255, Signer-Name: ipv6-things.com
|