_acme-challenge.tizlab.xyz
Updated:
2022-07-16 01:05:59 UTC (909 days ago)
Go to most recent »
Notices
DNSSEC Authentication Chain
RRset status
Insecure (2)
- _acme-challenge.tizlab.xyz/TXT
- tizlab.xyz/CNAME
Secure (2)
- xyz/SOA
- xyz/SOA
DNSKEY/DS/NSEC status
Secure (7)
- ./DNSKEY (alg 8, id 20326)
- ./DNSKEY (alg 8, id 20826)
- NSEC3 proving non-existence of tizlab.xyz/DS
- xyz/DNSKEY (alg 8, id 3599)
- xyz/DNSKEY (alg 8, id 53358)
- xyz/DS (alg 8, id 3599)
- xyz/DS (alg 8, id 3599)
Delegation status
Insecure (1)
- xyz to tizlab.xyz
Secure (1)
- . to xyz
Notices
Errors (2)
- NSEC3 proving non-existence of tizlab.xyz/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
- NSEC3 proving non-existence of tizlab.xyz/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
Warnings (6)
- tizlab.xyz/CNAME: The server returned CNAME for tizlab.xyz, but records of other types exist at that name. See RFC 2181, Sec. 10.1.
- xyz/DS (alg 8, id 3599): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
- xyz/DS (alg 8, id 3599): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
- xyz/DS (alg 8, id 3599): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
- xyz/DS (alg 8, id 3599): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
- tizlab.xyz/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.
JavaScript is required to make the graph below interactive.
