View on GitHub

DNSViz: A DNS visualization tool

test.dnssec-or-not.net

Updated: 2014-09-22 12:13:06 UTC (1122 days ago) Update now
« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (1)
  • test.dnssec-or-not.net/CNAME

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Insecure (9)
  • ./DNSKEY (alg 8, id 19036)
  • ./DNSKEY (alg 8, id 22603)
  • ./DNSKEY (alg 8, id 8230)
  • dnssec-or-not.net/DNSKEY (alg 5, id 2256)
  • dnssec-or-not.net/DNSKEY (alg 5, id 38947)
  • dnssec-or-not.net/DS (alg 5, id 38947)
  • net/DNSKEY (alg 8, id 32507)
  • net/DNSKEY (alg 8, id 35886)
  • net/DS (alg 8, id 35886)

Delegation statusDelegation status

Insecure (2)
  • . to net
  • net to dnssec-or-not.net

NoticesNotices

Warnings (28)
  • RRSIG ./DNSKEY alg 8, id 19036: Validation of DNSSEC algorithm 8 (RSASHA256) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG ./DNSKEY alg 8, id 19036: Validation of DNSSEC algorithm 8 (RSASHA256) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG ./DNSKEY alg 8, id 19036: Validation of DNSSEC algorithm 8 (RSASHA256) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 2256: The value of the Signature Inception field of the RRSIG RR (2014-09-22 12:13:01+00:00) is within possible clock skew range (1 second) of the current time (2014-09-22 12:13:02+00:00).
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 2256: The value of the Signature Inception field of the RRSIG RR (2014-09-22 12:13:01+00:00) is within possible clock skew range (1 second) of the current time (2014-09-22 12:13:02+00:00).
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 2256: Validation of DNSSEC algorithm 5 (RSASHA1) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 2256: Validation of DNSSEC algorithm 5 (RSASHA1) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 38947: The value of the Signature Inception field of the RRSIG RR (2014-09-22 12:13:01+00:00) is within possible clock skew range (1 second) of the current time (2014-09-22 12:13:02+00:00).
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 38947: The value of the Signature Inception field of the RRSIG RR (2014-09-22 12:13:01+00:00) is within possible clock skew range (1 second) of the current time (2014-09-22 12:13:02+00:00).
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 38947: Validation of DNSSEC algorithm 5 (RSASHA1) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG dnssec-or-not.net/DNSKEY alg 5, id 38947: Validation of DNSSEC algorithm 5 (RSASHA1) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG dnssec-or-not.net/DS alg 8, id 32507: Validation of DNSSEC algorithm 8 (RSASHA256) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG net/DNSKEY alg 8, id 35886: Validation of DNSSEC algorithm 8 (RSASHA256) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG net/DNSKEY alg 8, id 35886: Validation of DNSSEC algorithm 8 (RSASHA256) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG net/DS alg 8, id 8230: Validation of DNSSEC algorithm 8 (RSASHA256) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG test.dnssec-or-not.net/CNAME alg 5, id 2256: The value of the Signature Inception field of the RRSIG RR (2014-09-22 12:13:06+00:00) is within possible clock skew range (0 seconds) of the current time (2014-09-22 12:13:06+00:00).
  • RRSIG test.dnssec-or-not.net/CNAME alg 5, id 2256: The value of the Signature Inception field of the RRSIG RR (2014-09-22 12:13:06+00:00) is within possible clock skew range (0 seconds) of the current time (2014-09-22 12:13:06+00:00).
  • RRSIG test.dnssec-or-not.net/CNAME alg 5, id 2256: Validation of DNSSEC algorithm 5 (RSASHA1) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • RRSIG test.dnssec-or-not.net/CNAME alg 5, id 2256: Validation of DNSSEC algorithm 5 (RSASHA1) is not supported by this code, so the cryptographic status of this RRSIG is unknown.
  • dnssec-or-not.net/DNSKEY (alg 5, id 2256): The server appeared to understand EDNS by including RRSIG records, but its response included no OPT record. (72.13.58.76, 72.13.58.80, UDP_0_EDNS0_32768_4096)
  • dnssec-or-not.net/DNSKEY (alg 5, id 38947): The server appeared to understand EDNS by including RRSIG records, but its response included no OPT record. (72.13.58.76, 72.13.58.80, UDP_0_EDNS0_32768_4096)
  • dnssec-or-not.net/DNSKEY: The server appeared to understand EDNS by including RRSIG records, but its response included no OPT record. (72.13.58.76, 72.13.58.80, UDP_0_EDNS0_32768_512)
  • dnssec-or-not.net/DS (alg 5, id 38947): Generating cryptographic hashes using algorithm 2 (SHA-256) is not supported by this code, so the cryptographic status of the DS RR is unknown.
  • dnssec-or-not.net/DS (alg 5, id 38947): Generating cryptographic hashes using algorithm 2 (SHA-256) is not supported by this code, so the cryptographic status of the DS RR is unknown.
  • net to dnssec-or-not.net: The following NS name(s) were found in the delegation NS RRset (i.e., in the net zone), but not in the authoritative NS RRset: ns0.dnssec-or-not.org, ns1.dnssec-or-not.org
  • net/DS (alg 8, id 35886): Generating cryptographic hashes using algorithm 2 (SHA-256) is not supported by this code, so the cryptographic status of the DS RR is unknown.
  • net/DS (alg 8, id 35886): Generating cryptographic hashes using algorithm 2 (SHA-256) is not supported by this code, so the cryptographic status of the DS RR is unknown.
  • test.dnssec-or-not.net/CNAME: The server appeared to understand EDNS by including RRSIG records, but its response included no OPT record. (72.13.58.76, 72.13.58.80, UDP_0_EDNS0_32768_4096)

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph