Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 60955, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.07.2023, 00:00:00 +, Signature-Inception: 10.06.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: cloud
|
|
cloud
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 23374, DigestType 2 and Digest BQOo+za8l88/ujsBhr4ENk5XQ7NFqJKI/V37lnLXNhk=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner cloud., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 26.06.2023, 05:00:00 +, Signature-Inception: 13.06.2023, 04:00:00 +, KeyTag 60955, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60955 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 2853, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 23374, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner cloud., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 11.07.2023, 11:47:54 +, Signature-Inception: 11.06.2023, 11:04:54 +, KeyTag 2853, Signer-Name: cloud
|
|
|
|
|
| RRSIG-Owner cloud., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 11.07.2023, 11:47:54 +, Signature-Inception: 11.06.2023, 11:04:54 +, KeyTag 23374, Signer-Name: cloud
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 2853 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 23374 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 23374, DigestType 2 and Digest "BQOo+za8l88/ujsBhr4ENk5XQ7NFqJKI/V37lnLXNhk=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: vng.cloud
|
|
vng.cloud
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 26919, DigestType 2 and Digest huw4ZKgkyWccGJnbWWlX+pLRMRz7jam2yjCs6Kh2R5k=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner vng.cloud., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.07.2023, 09:49:02 +, Signature-Inception: 11.06.2023, 09:06:04 +, KeyTag 2853, Signer-Name: cloud
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 2853 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 26919, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 31071, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner vng.cloud., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 26919, Signer-Name: vng.cloud
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 26919 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 26919, DigestType 2 and Digest "huw4ZKgkyWccGJnbWWlX+pLRMRz7jam2yjCs6Kh2R5k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: zaken-auth.vng.cloud
|
|
zaken-auth.vng.cloud
| 0 DS RR in the parent zone found
|
|
|
|
|
| RRSIG Type 5 validates the CNAME - Result: traefik.cluster-azure-common-prod.haven.vng.cloud
Validated: RRSIG-Owner zaken-auth.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
Zone: www.zaken-auth.vng.cloud
|
|
www.zaken-auth.vng.cloud
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone sends valid NSEC3 RR with the Hash "54sbqvrsq56gb02c59u0jqak9duk820s" as Owner. That's the Hash of "zaken-auth.vng.cloud" with the NextHashedOwnerName "5cr9pkr6eajvjseo8sghhf9a9f23r448". So that domain name is the Closest Encloser of "www.zaken-auth.vng.cloud". Opt-Out: False.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner 54sbqvrsq56gb02c59u0jqak9duk820s.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| The ClosestEncloser says, that "*.zaken-auth.vng.cloud" with the Hash "hj44t8p142kqiclmm8a1ukta864srgs6" is a possible Wildcard of the DS Query Name. But the DS-Query in the parent zone sends a valid NSEC3 RR With the owner "g2hrsdsq086pn58tvnanfs7unsljvdeb" and the Next Owner "i0nv9ncm2ftcvc5g98qrfdrerlqvriku", so the Hash of the wildcard is between these hashes. So that NSEC3 proves the Not-existence of that wildcard expansion. Opt-Out: False.
Bitmap: No Bitmap? Validated: RRSIG-Owner g2hrsdsq086pn58tvnanfs7unsljvdeb.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 60955, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 01.07.2023, 00:00:00 +, Signature-Inception: 10.06.2023, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: cloud
|
|
cloud
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 8, KeyTag 23374, DigestType 2 and Digest BQOo+za8l88/ujsBhr4ENk5XQ7NFqJKI/V37lnLXNhk=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner cloud., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 26.06.2023, 05:00:00 +, Signature-Inception: 13.06.2023, 04:00:00 +, KeyTag 60955, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 60955 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 2853, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 23374, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 2 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner cloud., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 11.07.2023, 11:47:54 +, Signature-Inception: 11.06.2023, 11:04:54 +, KeyTag 2853, Signer-Name: cloud
|
|
|
|
|
| RRSIG-Owner cloud., Algorithm: 8, 1 Labels, original TTL: 7200 sec, Signature-expiration: 11.07.2023, 11:47:54 +, Signature-Inception: 11.06.2023, 11:04:54 +, KeyTag 23374, Signer-Name: cloud
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 2853 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 23374 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 23374, DigestType 2 and Digest "BQOo+za8l88/ujsBhr4ENk5XQ7NFqJKI/V37lnLXNhk=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: vng.cloud
|
|
vng.cloud
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 26919, DigestType 2 and Digest huw4ZKgkyWccGJnbWWlX+pLRMRz7jam2yjCs6Kh2R5k=
|
|
|
|
|
| 2 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner vng.cloud., Algorithm: 8, 2 Labels, original TTL: 3600 sec, Signature-expiration: 11.07.2023, 09:49:02 +, Signature-Inception: 11.06.2023, 09:06:04 +, KeyTag 2853, Signer-Name: cloud
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 2853 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 26919, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 31071, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner vng.cloud., Algorithm: 13, 2 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 26919, Signer-Name: vng.cloud
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 26919 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 26919, DigestType 2 and Digest "huw4ZKgkyWccGJnbWWlX+pLRMRz7jam2yjCs6Kh2R5k=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: haven.vng.cloud
|
|
haven.vng.cloud
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "q9vc8v1a4vrpd1gdneiif24iruaonolp" between the hashed NSEC3-owner "q9vc8v1a4vrpd1gdneiif24iruaonolp" and the hashed NextOwner "rbmqtsiqljusioplpcok2ucp79rarr7r". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: MX, TXT, RRSIG Validated: RRSIG-Owner q9vc8v1a4vrpd1gdneiif24iruaonolp.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: cluster-azure-common-prod.haven.vng.cloud
|
|
cluster-azure-common-prod.haven.vng.cloud
| 0 DS RR in the parent zone found
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
Zone: traefik.cluster-azure-common-prod.haven.vng.cloud
|
|
traefik.cluster-azure-common-prod.haven.vng.cloud
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "j35gnsjt2rrauj9pnudpjg3dd41kkigh" between the hashed NSEC3-owner "j35gnsjt2rrauj9pnudpjg3dd41kkigh" and the hashed NextOwner "jbusseqh9i6qhvk5amrlvq4n202tfch4". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: A, RRSIG Validated: RRSIG-Owner j35gnsjt2rrauj9pnudpjg3dd41kkigh.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 51.105.105.131
Validated: RRSIG-Owner traefik.cluster-azure-common-prod.haven.vng.cloud., Algorithm: 13, 5 Labels, original TTL: 3600 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| CNAME-Query sends a valid NSEC3 RR as result with the hashed query name "j35gnsjt2rrauj9pnudpjg3dd41kkigh" equal the hashed NSEC3-owner "j35gnsjt2rrauj9pnudpjg3dd41kkigh" and the hashed NextOwner "jbusseqh9i6qhvk5amrlvq4n202tfch4". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner j35gnsjt2rrauj9pnudpjg3dd41kkigh.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC3 RR as result with the hashed query name "j35gnsjt2rrauj9pnudpjg3dd41kkigh" equal the hashed NSEC3-owner "j35gnsjt2rrauj9pnudpjg3dd41kkigh" and the hashed NextOwner "jbusseqh9i6qhvk5amrlvq4n202tfch4". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner j35gnsjt2rrauj9pnudpjg3dd41kkigh.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC3 RR as result with the hashed query name "j35gnsjt2rrauj9pnudpjg3dd41kkigh" equal the hashed NSEC3-owner "j35gnsjt2rrauj9pnudpjg3dd41kkigh" and the hashed NextOwner "jbusseqh9i6qhvk5amrlvq4n202tfch4". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner j35gnsjt2rrauj9pnudpjg3dd41kkigh.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.traefik.cluster-azure-common-prod.haven.vng.cloud) sends a valid NSEC3 RR as result with the hashed owner name "j35gnsjt2rrauj9pnudpjg3dd41kkigh" (unhashed: traefik.cluster-azure-common-prod.haven.vng.cloud). So that's the Closest Encloser of the query name.
Bitmap: A, RRSIG Validated: RRSIG-Owner j35gnsjt2rrauj9pnudpjg3dd41kkigh.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Next Closer Name "vrfhj0plegegmcmohd1tubsicbe5vcva" (unhashed: _tcp.traefik.cluster-azure-common-prod.haven.vng.cloud) with the owner "ulfp4ad5cv0797sopfr4dirdeheq2uch" and the NextOwner "07ardmfre7r23vrguochhn76ovakdjvk". So that NSEC3 confirms the not-existence of the Next Closer Name.
Bitmap: No Bitmap? Validated: RRSIG-Owner ulfp4ad5cv0797sopfr4dirdeheq2uch.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| TLSA-Query sends a valid NSEC3 RR as result and covers the hashed Wildcard expansion of the ClosestEncloser "nl9fcqbqbok3s3b6kuu8uq2oj8o78d7q" (unhashed: *.traefik.cluster-azure-common-prod.haven.vng.cloud) with the owner "ndtkj9ka8dsriohaiv3f96t5smb0r20o" and the NextOwner "nurvg4ag80638539lmbnn9cns33k3p01". So that NSEC3 confirms the not-existence of the Wildcard expansion.
Bitmap: CNAME, RRSIG Validated: RRSIG-Owner ndtkj9ka8dsriohaiv3f96t5smb0r20o.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| Status: Good. NXDomain-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC3 RR as result with the hashed query name "j35gnsjt2rrauj9pnudpjg3dd41kkigh" equal the hashed NSEC3-owner "j35gnsjt2rrauj9pnudpjg3dd41kkigh" and the hashed NextOwner "jbusseqh9i6qhvk5amrlvq4n202tfch4". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, RRSIG Validated: RRSIG-Owner j35gnsjt2rrauj9pnudpjg3dd41kkigh.vng.cloud., Algorithm: 13, 3 Labels, original TTL: 300 sec, Signature-expiration: 22.06.2023, 00:00:00 +, Signature-Inception: 01.06.2023, 00:00:00 +, KeyTag 31071, Signer-Name: vng.cloud
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|