View on GitHub
berkeley.edu
Updated:
2024-05-07 16:48:09 UTC
(
11 days ago
)
Update now
« Previous analysis
|
Next analysis »
Tweet
DNSSEC
Responses
Servers
Analyze
DNSSEC options (
hide
)
|?|
RR types:
--All--
A
AAAA
TXT
PTR
MX
NS
SOA
CNAME
SRV
NAPTR
TLSA
NSEC3PARAM
CAA
|?|
DNSSEC algorithms:
--All--
1 - RSA/MD5
3 - DSA/SHA1
5 - RSA/SHA-1
6 - DSA-NSEC3-SHA1
7 - RSASHA1-NSEC3-SHA1
8 - RSA/SHA-256
10 - RSA/SHA-512
12 - GOST R 34.10-2001
13 - ECDSA Curve P-256 with SHA-256
14 - ECDSA Curve P-384 with SHA-384
15 - Ed25519
16 - Ed448
|?|
DS digest algorithms:
--All--
1 - SHA-1
2 - SHA-256
3 - GOST R 34.11-94
4 - SHA-384
|?|
Denial of existence:
|?|
Redundant edges:
|?|
Trust anchors:
Root zone KSK
|?|
Additional trusted keys:
Notices
DNSSEC Authentication Chain
RRset status
Secure
(5)
berkeley.edu/A
berkeley.edu/MX
berkeley.edu/NS
berkeley.edu/SOA
berkeley.edu/TXT
DNSKEY/DS/NSEC status
Secure
(11)
./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 5613)
berkeley.edu/DNSKEY (alg 10, id 41603)
berkeley.edu/DNSKEY (alg 10, id 47918)
berkeley.edu/DNSKEY (alg 10, id 59277)
berkeley.edu/DNSKEY (alg 10, id 63536)
berkeley.edu/DS (alg 10, id 38028)
berkeley.edu/DS (alg 10, id 59277)
edu/DNSKEY (alg 13, id 35663)
edu/DNSKEY (alg 13, id 41543)
edu/DS (alg 13, id 35663)
Non_existent
(1)
berkeley.edu/DNSKEY (alg 10, id 38028)
Delegation status
Secure
(2)
. to edu
edu to berkeley.edu
Notices
Warnings
(15)
RRSIG berkeley.edu/A alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 59277: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 59277: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 59277: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/DNSKEY alg 10, id 59277: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/MX alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/NS alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/SOA alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG berkeley.edu/TXT alg 10, id 41603: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
edu to berkeley.edu: Authoritative AAAA records exist for adns1.berkeley.edu, but there are no corresponding AAAA glue records.
edu to berkeley.edu: Authoritative AAAA records exist for adns2.berkeley.edu, but there are no corresponding AAAA glue records.
DNSKEY legend
Full legend
SEP bit set
Revoke bit set
Trust anchor
See also
DNSSEC Debugger
by
Verisign Labs
.
Download:
png
|
svg
JavaScript is required to make the graph below interactive.