View on GitHub

DNSViz: A DNS visualization tool

5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.c.0.0.0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Bogus (1)
  • 5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.c.0.0.0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/PTR

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Bogus (6)
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY (alg 5, id 25124)
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY (alg 5, id 57718)
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 57718)
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 57718)
  • 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY (alg 5, id 30705)
  • 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY (alg 5, id 47242)
Secure (20)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 26116)
  • ./DNSKEY (alg 8, id 46594)
  • 5.0.1.0.0.2.ip6.arpa/DNSKEY (alg 5, id 31223)
  • 5.0.1.0.0.2.ip6.arpa/DNSKEY (alg 5, id 49851)
  • 5.0.1.0.0.2.ip6.arpa/DNSKEY (alg 5, id 53670)
  • 5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 53670)
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242)
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242)
  • arpa/DNSKEY (alg 8, id 42581)
  • arpa/DNSKEY (alg 8, id 4825)
  • arpa/DNSKEY (alg 8, id 57156)
  • arpa/DS (alg 8, id 42581)
  • arpa/DS (alg 8, id 42581)
  • ip6.arpa/DNSKEY (alg 8, id 21619)
  • ip6.arpa/DNSKEY (alg 8, id 30469)
  • ip6.arpa/DNSKEY (alg 8, id 64060)
  • ip6.arpa/DS (alg 8, id 13880)
  • ip6.arpa/DS (alg 8, id 45094)
  • ip6.arpa/DS (alg 8, id 64060)
Non_existent (2)
  • ip6.arpa/DNSKEY (alg 8, id 13880)
  • ip6.arpa/DNSKEY (alg 8, id 45094)

Delegation statusDelegation status

Bogus (1)
  • 5.0.1.0.0.2.ip6.arpa to 9.5.5.0.1.0.0.2.ip6.arpa
Secure (4)
  • . to arpa
  • 9.5.5.0.1.0.0.2.ip6.arpa to 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa
  • arpa to ip6.arpa
  • ip6.arpa to 5.0.1.0.0.2.ip6.arpa

NoticesNotices

Errors (3)
  • 5.0.1.0.0.2.ip6.arpa to 9.5.5.0.1.0.0.2.ip6.arpa: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (68.87.68.244, 68.87.72.244, 68.87.76.228, 68.87.85.132, 69.252.250.103, 2001:558:1004:7:68:87:85:132, 2001:558:100a:5:68:87:68:244, 2001:558:100e:5:68:87:72:244, 2001:558:1014:c:68:87:76:228, 2001:558:fe23:8:69:252:250:103, UDP_-_EDNS0_4096_D_K)
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 47242: The Signature Expiration field of the RRSIG RR (2020-05-09 17:44:32+00:00) is 149 days in the past.
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 47242: The Signature Expiration field of the RRSIG RR (2020-05-09 17:44:32+00:00) is 149 days in the past.
Warnings (35)
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 57718): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 57718): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 57718): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 57718): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • 5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 53670): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • 5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 53670): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242): In the spirit of RFC 4509, DS records with digest type 1 (SHA-1) might be ignored when DS records with digest type 4 (SHA-384) exist in the same RRset.
  • 9.5.5.0.1.0.0.2.ip6.arpa/DS (alg 5, id 47242): In the spirit of RFC 4509, DS records with digest type 1 (SHA-1) might be ignored when DS records with digest type 4 (SHA-384) exist in the same RRset.
  • RRSIG 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 25124: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 25124: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 57718: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 57718: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS alg 5, id 30705: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/DS alg 5, id 30705: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.c.0.0.0.0.0.8.9.5.5.0.1.0.0.2.ip6.arpa/PTR alg 5, id 25124: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 49851: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 49851: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 49851: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 53670: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 53670: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 53670: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 30705: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 30705: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 47242: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DNSKEY alg 5, id 47242: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DS alg 5, id 49851: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • RRSIG 9.5.5.0.1.0.0.2.ip6.arpa/DS alg 5, id 49851: DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).
  • arpa/DS (alg 8, id 42581): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • arpa/DS (alg 8, id 42581): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • arpa/DS (alg 8, id 42581): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • arpa/DS (alg 8, id 42581): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph