View on GitHub

DNSViz: A DNS visualization tool

dnssek.info

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Bogus (4)
  • dnssek.info/MX
  • dnssek.info/NS
  • dnssek.info/SOA
  • dnssek.info/TXT

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Bogus (2)
  • dnssek.info/DNSKEY (alg 8, id 38286)
  • dnssek.info/DNSKEY (alg 8, id 532)
Secure (9)
  • ./DNSKEY (alg 8, id 19036)
  • ./DNSKEY (alg 8, id 39291)
  • ./DNSKEY (alg 8, id 46551)
  • dnssek.info/DS (alg 8, id 532)
  • info/DNSKEY (alg 7, id 10275)
  • info/DNSKEY (alg 7, id 65121)
  • info/DNSKEY (alg 7, id 8674)
  • info/DNSKEY (alg 7, id 9980)
  • info/DS (alg 7, id 8674)

Delegation statusDelegation status

Bogus (1)
  • info to dnssek.info
Secure (1)
  • . to info

NoticesNotices

Errors (4)
  • RRSIG dnssek.info/DNSKEY alg 8, id 532: The Signature Expiration field of the RRSIG RR (2016-10-11 15:33:29+00:00) is 9 minutes in the past.
  • RRSIG dnssek.info/DNSKEY alg 8, id 532: The Signature Expiration field of the RRSIG RR (2016-10-11 15:33:29+00:00) is 9 minutes in the past.
  • RRSIG dnssek.info/NS alg 8, id 38286: With a TTL of 43200 the RRSIG RR can be in the cache of a non-validating resolver until 6 hours, 12 minutes after it expires at 2016-10-11 21:30:21+00:00.
  • info to dnssek.info: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (45.56.97.49, 106.187.89.79, 192.101.186.19, 2001:470:8165:1::2f9, 2400:8900::f03c:91ff:fedf:63c0, 2600:3c03::f03c:91ff:fe9b:9379, UDP_-_EDNS0_4096_D)

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph