Zone (*) | DNSSEC - Informations |
---|
|
|
Zone: (root)
|
|
(root)
| 1 DS RR published
|
|
|
|
|
| DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest 4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=
|
|
|
|
|
| • Status: Valid because published
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 5613, Flags 256
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| Public Key with Algorithm 8, KeyTag 30903, Flags 256
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 22.04.2024, 00:00:00 +, Signature-Inception: 01.04.2024, 00:00:00 +, KeyTag 20326, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: br
|
|
br
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 38298, DigestType 2 and Digest ny1Jk/R7DydR3gAH1wonVO5TL+NzdhFU2ep6jLnY6hg=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner br., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 15.04.2024, 18:00:00 +, Signature-Inception: 02.04.2024, 17:00:00 +, KeyTag 5613, Signer-Name: (root)
|
|
|
|
|
| • Status: Good - Algorithmus 8 and DNSKEY with KeyTag 5613 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 2 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 3278, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 38298, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner br., Algorithm: 13, 1 Labels, original TTL: 21600 sec, Signature-expiration: 21.04.2024, 12:00:00 +, Signature-Inception: 31.03.2024, 12:00:00 +, KeyTag 38298, Signer-Name: br
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 38298 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 38298, DigestType 2 and Digest "ny1Jk/R7DydR3gAH1wonVO5TL+NzdhFU2ep6jLnY6hg=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: jus.br
|
|
jus.br
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 57034, DigestType 2 and Digest k9y+9xGZqTpcNxoEHS5Y2chbs9nnfwv05hSfMLh76Fg=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner jus.br., Algorithm: 13, 2 Labels, original TTL: 21600 sec, Signature-expiration: 16.04.2024, 20:56:08 +, Signature-Inception: 02.04.2024, 19:56:08 +, KeyTag 3278, Signer-Name: br
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 3278 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 1 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 57034, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner jus.br., Algorithm: 13, 2 Labels, original TTL: 21600 sec, Signature-expiration: 17.04.2024, 03:20:08 +, Signature-Inception: 03.04.2024, 02:20:08 +, KeyTag 57034, Signer-Name: jus.br
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 57034 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 57034, DigestType 2 and Digest "k9y+9xGZqTpcNxoEHS5Y2chbs9nnfwv05hSfMLh76Fg=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: tre-rs.jus.br
|
|
tre-rs.jus.br
| 1 DS RR in the parent zone found
|
|
|
|
|
| DS with Algorithm 13, KeyTag 53388, DigestType 2 and Digest 7SR/i+5/PQoE/PYVKi5+36YLjd8bKrCpxDa0AIOI0fc=
|
|
|
|
|
| 1 RRSIG RR to validate DS RR found
|
|
|
|
|
| RRSIG-Owner tre-rs.jus.br., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 16.04.2024, 20:56:08 +, Signature-Inception: 02.04.2024, 19:56:08 +, KeyTag 57034, Signer-Name: jus.br
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 57034 used to validate the DS RRSet in the parent zone
|
|
|
|
|
| 3 DNSKEY RR found
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 5955, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 6788, Flags 256
|
|
|
|
|
| Public Key with Algorithm 13, KeyTag 53388, Flags 257 (SEP = Secure Entry Point)
|
|
|
|
|
| 1 RRSIG RR to validate DNSKEY RR found
|
|
|
|
|
| RRSIG-Owner tre-rs.jus.br., Algorithm: 13, 3 Labels, original TTL: 3600 sec, Signature-expiration: 03.04.2024, 10:00:00 +, Signature-Inception: 02.04.2024, 23:00:00 +, KeyTag 53388, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| • Status: Good - Algorithmus 13 and DNSKEY with KeyTag 53388 used to validate the DNSKEY RRSet
|
|
|
|
|
| • Status: Valid Chain of trust. Parent-DS with Algorithm 13, KeyTag 53388, DigestType 2 and Digest "7SR/i+5/PQoE/PYVKi5+36YLjd8bKrCpxDa0AIOI0fc=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone
|
|
|
Zone: ztn.tre-rs.jus.br
|
|
ztn.tre-rs.jus.br
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "ztn.tre-rs.jus.br" and the NextOwner "\000.ztn.tre-rs.jus.br". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252, CAA
|
|
|
|
|
| 0 DNSKEY RR found
|
|
|
|
|
|
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 201.48.22.7
Validated: RRSIG-Owner ztn.tre-rs.jus.br., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 03.04.2024, 04:29:22 +, Signature-Inception: 03.04.2024, 02:24:22 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| RRSIG Type 28 validates the AAAA - Result: 2001:1291:106D:0000:0000:0000:0000:0007
Validated: RRSIG-Owner ztn.tre-rs.jus.br., Algorithm: 13, 4 Labels, original TTL: 300 sec, Signature-expiration: 03.04.2024, 04:29:22 +, Signature-Inception: 03.04.2024, 02:24:22 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "ztn.tre-rs.jus.br" equal the NSEC-owner "ztn.tre-rs.jus.br" and the NextOwner "\000.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252, CAA Validated: RRSIG-Owner ztn.tre-rs.jus.br., Algorithm: 13, 4 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:22 +, Signature-Inception: 03.04.2024, 02:24:22 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "ztn.tre-rs.jus.br" equal the NSEC-owner "ztn.tre-rs.jus.br" and the NextOwner "\000.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252, CAA Validated: RRSIG-Owner ztn.tre-rs.jus.br., Algorithm: 13, 4 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:22 +, Signature-Inception: 03.04.2024, 02:24:22 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.ztn.tre-rs.jus.br) sends a valid NSEC RR as result with the query name "_443._tcp.ztn.tre-rs.jus.br" equal the NSEC-owner "_443._tcp.ztn.tre-rs.jus.br" and the NextOwner "\000._443._tcp.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, 64, 65, 99, 251, 252, CAA Validated: RRSIG-Owner _443._tcp.ztn.tre-rs.jus.br., Algorithm: 13, 6 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:22 +, Signature-Inception: 03.04.2024, 02:24:22 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "ztn.tre-rs.jus.br" equal the NSEC-owner "ztn.tre-rs.jus.br" and the NextOwner "\000.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252 Validated: RRSIG-Owner ztn.tre-rs.jus.br., Algorithm: 13, 4 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:22 +, Signature-Inception: 03.04.2024, 02:24:22 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
Zone: www.ztn.tre-rs.jus.br
|
|
www.ztn.tre-rs.jus.br
| 0 DS RR in the parent zone found
|
|
|
|
|
| DS-Query in the parent zone has a valid NSEC RR as result with the domain name between the NSEC-Owner "www.ztn.tre-rs.jus.br" and the NextOwner "\000.www.ztn.tre-rs.jus.br". So the parent zone confirmes the non-existence of a DS RR.
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252, CAA
|
|
|
|
|
| RRSIG Type 1 validates the A - Result: 200.195.247.205
Validated: RRSIG-Owner www.ztn.tre-rs.jus.br., Algorithm: 13, 5 Labels, original TTL: 300 sec, Signature-expiration: 03.04.2024, 04:29:25 +, Signature-Inception: 03.04.2024, 02:24:25 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| CNAME-Query sends a valid NSEC RR as result with the query name "www.ztn.tre-rs.jus.br" equal the NSEC-owner "www.ztn.tre-rs.jus.br" and the NextOwner "\000.www.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that CNAME RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252, CAA Validated: RRSIG-Owner www.ztn.tre-rs.jus.br., Algorithm: 13, 5 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:25 +, Signature-Inception: 03.04.2024, 02:24:25 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TXT-Query sends a valid NSEC RR as result with the query name "www.ztn.tre-rs.jus.br" equal the NSEC-owner "www.ztn.tre-rs.jus.br" and the NextOwner "\000.www.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that TXT RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252, CAA Validated: RRSIG-Owner www.ztn.tre-rs.jus.br., Algorithm: 13, 5 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:25 +, Signature-Inception: 03.04.2024, 02:24:25 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| AAAA-Query sends a valid NSEC RR as result with the query name "www.ztn.tre-rs.jus.br" equal the NSEC-owner "www.ztn.tre-rs.jus.br" and the NextOwner "\000.www.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that AAAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, TXT, RP, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252, CAA Validated: RRSIG-Owner www.ztn.tre-rs.jus.br., Algorithm: 13, 5 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:25 +, Signature-Inception: 03.04.2024, 02:24:25 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| TLSA-Query (_443._tcp.www.ztn.tre-rs.jus.br) sends a valid NSEC RR as result with the query name "_443._tcp.www.ztn.tre-rs.jus.br" equal the NSEC-owner "_443._tcp.www.ztn.tre-rs.jus.br" and the NextOwner "\000._443._tcp.www.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that TLSA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, 64, 65, 99, 251, 252, CAA Validated: RRSIG-Owner _443._tcp.www.ztn.tre-rs.jus.br., Algorithm: 13, 7 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:26 +, Signature-Inception: 03.04.2024, 02:24:26 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|
|
|
|
|
| CAA-Query sends a valid NSEC RR as result with the query name "www.ztn.tre-rs.jus.br" equal the NSEC-owner "www.ztn.tre-rs.jus.br" and the NextOwner "\000.www.ztn.tre-rs.jus.br". So the zone confirmes the not-existence of that CAA RR, but the existence of that query name (minimal one RR with that name exists).
Bitmap: A, PTR, 13, MX, TXT, RP, AAAA, SRV, NAPTR, SSHFP, RRSIG, NSEC, TLSA, 64, 65, 99, 251, 252 Validated: RRSIG-Owner www.ztn.tre-rs.jus.br., Algorithm: 13, 5 Labels, original TTL: 86400 sec, Signature-expiration: 04.04.2024, 04:24:26 +, Signature-Inception: 03.04.2024, 02:24:26 +, KeyTag 5955, Signer-Name: tre-rs.jus.br
|
|
|
|
|
| Status: Good. NoData-Proof required and found.
|