View on GitHub

DNSViz: A DNS visualization tool

caltech.edu

« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Bogus (4)
  • caltech.edu/A
  • caltech.edu/MX
  • caltech.edu/NS
  • caltech.edu/TXT
Secure (1)
  • caltech.edu/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (10)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 33853)
  • ./DNSKEY (alg 8, id 48903)
  • caltech.edu/DNSKEY (alg 8, id 3435)
  • caltech.edu/DNSKEY (alg 8, id 46795)
  • caltech.edu/DNSKEY (alg 8, id 9606)
  • caltech.edu/DS (alg 8, id 46795)
  • edu/DNSKEY (alg 8, id 28065)
  • edu/DNSKEY (alg 8, id 50054)
  • edu/DS (alg 8, id 28065)

Delegation statusDelegation status

Secure (2)
  • . to edu
  • edu to caltech.edu

NoticesNotices

Errors (10)
  • RRSIG caltech.edu/A alg 8, id 3435: The Signature Expiration field of the RRSIG RR (2020-04-06 11:05:09+00:00) is 3 hours, 49 minutes in the past.
  • RRSIG caltech.edu/DNSKEY alg 8, id 3435: With a TTL of 172800 the RRSIG RR can be in the cache of a non-validating resolver until 1 day after it expires at 2020-04-06 18:43:28+00:00.
  • RRSIG caltech.edu/DNSKEY alg 8, id 3435: With a TTL of 172800 the RRSIG RR can be in the cache of a non-validating resolver until 1 day after it expires at 2020-04-06 18:43:28+00:00.
  • RRSIG caltech.edu/DNSKEY alg 8, id 3435: With a TTL of 172800 the RRSIG RR can be in the cache of a non-validating resolver until 1 day after it expires at 2020-04-06 18:43:28+00:00.
  • RRSIG caltech.edu/DNSKEY alg 8, id 46795: With a TTL of 172800 the RRSIG RR can be in the cache of a non-validating resolver until 1 day after it expires at 2020-04-06 18:43:28+00:00.
  • RRSIG caltech.edu/DNSKEY alg 8, id 46795: With a TTL of 172800 the RRSIG RR can be in the cache of a non-validating resolver until 1 day after it expires at 2020-04-06 18:43:28+00:00.
  • RRSIG caltech.edu/DNSKEY alg 8, id 46795: With a TTL of 172800 the RRSIG RR can be in the cache of a non-validating resolver until 1 day after it expires at 2020-04-06 18:43:28+00:00.
  • RRSIG caltech.edu/MX alg 8, id 3435: The Signature Expiration field of the RRSIG RR (2020-04-06 10:08:13+00:00) is 4 hours, 45 minutes in the past.
  • RRSIG caltech.edu/NS alg 8, id 3435: The Signature Expiration field of the RRSIG RR (2020-04-06 12:11:55+00:00) is 2 hours, 42 minutes in the past.
  • RRSIG caltech.edu/TXT alg 8, id 3435: The Signature Expiration field of the RRSIG RR (2020-04-06 11:05:09+00:00) is 3 hours, 49 minutes in the past.
Warnings (2)
  • caltech.edu/DS (alg 8, id 46795): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • caltech.edu/DS (alg 8, id 46795): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph