View on GitHub

DNSViz: A DNS visualization tool

datenknoten.me

Updated: 2020-07-10 18:45:02 UTC (1409 days ago) Update now
« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Secure (6)
  • datenknoten.me/A
  • datenknoten.me/AAAA
  • datenknoten.me/MX
  • datenknoten.me/NS
  • datenknoten.me/SOA
  • datenknoten.me/TXT

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (12)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 46594)
  • ./DNSKEY (alg 8, id 48903)
  • datenknoten.me/DNSKEY (alg 10, id 50180)
  • datenknoten.me/DNSKEY (alg 10, id 55857)
  • datenknoten.me/DS (alg 10, id 55857)
  • me/DNSKEY (alg 7, id 20555)
  • me/DNSKEY (alg 7, id 2569)
  • me/DNSKEY (alg 7, id 52877)
  • me/DNSKEY (alg 7, id 53233)
  • me/DS (alg 7, id 2569)
  • me/DS (alg 7, id 2569)

Delegation statusDelegation status

Secure (2)
  • . to me
  • me to datenknoten.me

NoticesNotices

Errors (11)
  • RRSIG datenknoten.me/A alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/AAAA alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/DNSKEY alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/DNSKEY alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/DNSKEY alg 10, id 55857: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/DNSKEY alg 10, id 55857: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/MX alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/NS alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/SOA alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • RRSIG datenknoten.me/TXT alg 10, id 50180: The Signature Expiration field of the RRSIG RR (2020-06-26 16:28:42+00:00) is 14 days in the past.
  • me to datenknoten.me: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (95.85.45.221, 2a03:b0c0:0:1010::fb:8001, UDP_-_EDNS0_4096_D_K)
Warnings (39)
  • RRSIG datenknoten.me/A alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/A alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/AAAA alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/AAAA alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 55857: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 55857: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 55857: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DNSKEY alg 10, id 55857: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/DS alg 7, id 20555: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG datenknoten.me/MX alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/MX alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/NS alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/NS alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/SOA alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/SOA alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/TXT alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG datenknoten.me/TXT alg 10, id 50180: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
  • RRSIG me/DNSKEY alg 7, id 20555: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 20555: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 20555: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 20555: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 2569: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 2569: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 2569: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 2569: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 53233: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 53233: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 53233: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • RRSIG me/DNSKEY alg 7, id 53233: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1).
  • me to datenknoten.me: Authoritative AAAA records exist for ns2.datenknoten.me, but there are no corresponding AAAA glue records.
  • me to datenknoten.me: Authoritative AAAA records exist for ns3.datenknoten.me, but there are no corresponding AAAA glue records.
  • me/DS (alg 7, id 2569): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • me/DS (alg 7, id 2569): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • me/DS (alg 7, id 2569): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • me/DS (alg 7, id 2569): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph