View on GitHub

DNSViz: A DNS visualization tool

gsu.edu

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Bogus (6)
  • gsu.edu/A
  • gsu.edu/MX
  • gsu.edu/NS
  • gsu.edu/SOA
  • gsu.edu/SOA
  • gsu.edu/TXT

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (7)
  • ./DNSKEY (alg 8, id 19036)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 46809)
  • edu/DNSKEY (alg 8, id 17552)
  • edu/DNSKEY (alg 8, id 28065)
  • edu/DS (alg 8, id 28065)
  • gsu.edu/DS (alg 5, id 35491)
Non_existent (1)
  • gsu.edu/DNSKEY (alg 5, id 35491)

Delegation statusDelegation status

Bogus (1)
  • edu to gsu.edu
Secure (1)
  • . to edu

NoticesNotices

Errors (23)
  • edu to gsu.edu: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (131.96.7.116, 131.96.7.124, UDP_-_EDNS0_4096_D, UDP_-_EDNS0_512_D)
  • edu to gsu.edu: The DS RRset for the zone included algorithm 5 (RSASHA1), but no DS RR matched a DNSKEY with algorithm 5 that signs the zone's DNSKEY RRset. (131.96.7.116, 131.96.7.124, UDP_-_EDNS0_4096_D, UDP_-_EDNS0_512_D)
  • edu/DS (alg 8, id 28065): DNSSEC was effectively downgraded because no response was received from the server over UDP (tried 6 times) with the DO bit set. (2001:500:12::d0d, UDP_-_EDNS0_4096_)
  • edu/DS (alg 8, id 28065): DNSSEC was effectively downgraded because no response was received from the server over UDP (tried 6 times) with the DO bit set. (2001:500:12::d0d, UDP_-_EDNS0_4096_)
  • edu/DS (alg 8, id 28065): No response was received from the server over UDP (tried 6 times) until the DO EDNS flag was cleared (however, this server appeared to respond legitimately to other queries with the DO EDNS flag set). (2001:500:12::d0d, UDP_-_EDNS0_4096_D)
  • edu/DS (alg 8, id 28065): No response was received from the server over UDP (tried 6 times) until the DO EDNS flag was cleared (however, this server appeared to respond legitimately to other queries with the DO EDNS flag set). (2001:500:12::d0d, UDP_-_EDNS0_4096_D)
  • edu/DS (alg 8, id 28065): The DNSSEC records necessary to validate the response could not be retrieved from the server. (2001:500:12::d0d, UDP_-_EDNS0_4096_D)
  • edu/DS (alg 8, id 28065): The DNSSEC records necessary to validate the response could not be retrieved from the server. (2001:500:12::d0d, UDP_-_EDNS0_4096_D)
  • gsu.edu zone: The server(s) responded over TCP with a malformed response or with an invalid RCODE. (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11)
  • gsu.edu zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11)
  • gsu.edu/A: No RRSIG covering the RRset was returned in the response. (131.96.7.116, 131.96.7.124, UDP_-_EDNS0_4096_D)
  • gsu.edu/A: The response had an invalid RCODE (SERVFAIL). (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11, UDP_-_NOEDNS_)
  • gsu.edu/DNSKEY: The response had an invalid RCODE (SERVFAIL). (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11, UDP_-_EDNS0_512_D, UDP_-_NOEDNS_)
  • gsu.edu/MX: No RRSIG covering the RRset was returned in the response. (131.96.7.116, 131.96.7.124, UDP_-_EDNS0_4096_D, UDP_-_EDNS0_512_D)
  • gsu.edu/MX: The response had an invalid RCODE (SERVFAIL). (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11, UDP_-_EDNS0_512_D, UDP_-_NOEDNS_)
  • gsu.edu/NS: No RRSIG covering the RRset was returned in the response. (131.96.7.116, 131.96.7.124, UDP_-_EDNS0_4096_D)
  • gsu.edu/NS: The response had an invalid RCODE (SERVFAIL). (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11, UDP_-_NOEDNS_)
  • gsu.edu/SOA: No RRSIG covering the RRset was returned in the response. (131.96.7.116, TCP_-_EDNS0_4096_D, UDP_-_EDNS0_4096_D)
  • gsu.edu/SOA: No RRSIG covering the RRset was returned in the response. (131.96.7.124, TCP_-_EDNS0_4096_D, UDP_-_EDNS0_4096_D)
  • gsu.edu/SOA: The response had an invalid RCODE (SERVFAIL). (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11, TCP_-_NOEDNS_)
  • gsu.edu/SOA: The response had an invalid RCODE (SERVFAIL). (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11, UDP_-_NOEDNS_)
  • gsu.edu/TXT: No RRSIG covering the RRset was returned in the response. (131.96.7.116, 131.96.7.124, UDP_-_EDNS0_4096_D)
  • gsu.edu/TXT: The response had an invalid RCODE (SERVFAIL). (131.144.4.9, 131.144.4.10, 198.72.72.10, 198.72.72.11, UDP_-_NOEDNS_)

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph