tni-au.mil.id

Updated: 2024-02-05 03:55:44 UTC (73 days ago) Update now

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Bogus (5)

tni-au.mil.id/A
tni-au.mil.id/MX
tni-au.mil.id/NS
tni-au.mil.id/SOA
tni-au.mil.id/TXT

DNSKEY/DS/NSEC status

Bogus (2)

tni-au.mil.id/DNSKEY (alg 5, id 17839)
tni-au.mil.id/DNSKEY (alg 5, id 30553)

Secure (11)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 30903)
id/DNSKEY (alg 8, id 22449)
id/DNSKEY (alg 8, id 26887)
id/DS (alg 8, id 26887)
mil.id/DNSKEY (alg 10, id 23342)
mil.id/DNSKEY (alg 10, id 27192)
mil.id/DS (alg 10, id 27192)
tni-au.mil.id/DS (alg 13, id 8230)
tni-au.mil.id/DS (alg 5, id 17839)
tni-au.mil.id/DS (alg 5, id 17839)

Non_existent (1)

tni-au.mil.id/DNSKEY (alg 13, id 8230)

Delegation status

Bogus (1)

mil.id to tni-au.mil.id

Secure (2)

. to id
id to mil.id

Notices

Errors (24)

RRSIG tni-au.mil.id/A alg 5, id 30553: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/DNSKEY alg 5, id 17839: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/DNSKEY alg 5, id 17839: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/DNSKEY alg 5, id 30553: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/DNSKEY alg 5, id 30553: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/MX alg 5, id 30553: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/NS alg 5, id 30553: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/SOA alg 5, id 30553: The Signature Expiration field of the RRSIG RR (2023-12-08 05:09:25+00:00) is 58 days in the past.
RRSIG tni-au.mil.id/SOA alg 5, id 30553: The cryptographic signature of the RRSIG RR does not properly validate.
RRSIG tni-au.mil.id/TXT alg 5, id 30553: The Signature Expiration field of the RRSIG RR (2023-11-17 04:18:40+00:00) is 79 days in the past.
RRSIG tni-au.mil.id/TXT alg 5, id 30553: The cryptographic signature of the RRSIG RR does not properly validate.
id zone: The server(s) were not responsive to queries over UDP. (2402:ee80:c::c)
mil.id to tni-au.mil.id: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN)
mil.id to tni-au.mil.id: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no DS RR matched a DNSKEY with algorithm 13 that signs the zone's DNSKEY RRset. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN)
mil.id zone: The server(s) were not responsive to queries over TCP. (45.126.57.57)
mil.id zone: The server(s) were not responsive to queries over UDP. (2402:ee80:c::c)
mil.id/DNSKEY: No response was received from the server over TCP (tried 12 times). (45.126.57.57, TCP_-_EDNS0_4096_D_KN)
tni-au.mil.id/A: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN)
tni-au.mil.id/DNSKEY (alg 5, id 17839): The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN)
tni-au.mil.id/DNSKEY (alg 5, id 30553): The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN)
tni-au.mil.id/MX: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
tni-au.mil.id/NS: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN)
tni-au.mil.id/SOA: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. (103.147.231.211, 103.147.231.212, TCP_-_EDNS0_4096_D_N, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_4096_D_KN_0x20)
tni-au.mil.id/TXT: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. (103.147.231.211, 103.147.231.212, UDP_-_EDNS0_4096_D_KN)

Warnings (22)

RRSIG mil.id/DNSKEY alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 27192: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 27192: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG tni-au.mil.id/A alg 5, id 30553: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/DNSKEY alg 5, id 17839: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/DNSKEY alg 5, id 17839: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/DNSKEY alg 5, id 30553: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/DNSKEY alg 5, id 30553: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/DS alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG tni-au.mil.id/DS alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG tni-au.mil.id/DS alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG tni-au.mil.id/MX alg 5, id 30553: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/NS alg 5, id 30553: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/SOA alg 5, id 30553: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
RRSIG tni-au.mil.id/TXT alg 5, id 30553: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
mil.id/DNSKEY (alg 10, id 23342): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2402:ee80:d::d, UDP_-_EDNS0_4096_D_KN)
mil.id/DNSKEY (alg 10, id 27192): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2402:ee80:d::d, UDP_-_EDNS0_4096_D_KN)
tni-au.mil.id/DS (alg 5, id 17839): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
tni-au.mil.id/DS (alg 5, id 17839): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
tni-au.mil.id/DS (alg 5, id 17839): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
tni-au.mil.id/DS (alg 5, id 17839): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.