View on GitHub

DNSViz: A DNS visualization tool

cicimar.ipn.mx

Updated: 2021-05-28 05:25:10 UTC (1304 days ago) Update now
« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
  8. |?|
  9. |?|
  10. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (4)
  • cicimar.ipn.mx/A
  • cicimar.ipn.mx/NS
  • cicimar.ipn.mx/SOA
  • ipn.mx/SOA
Secure (1)
  • mx/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Insecure (5)
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS
  • ipn.mx/DNSKEY (alg 10, id 57728)
  • ipn.mx/DNSKEY (alg 10, id 65049)
Secure (6)
  • ./DNSKEY (alg 8, id 14631)
  • ./DNSKEY (alg 8, id 20326)
  • NSEC3 proving non-existence of ipn.mx/DS
  • mx/DNSKEY (alg 8, id 36526)
  • mx/DNSKEY (alg 8, id 49357)
  • mx/DS (alg 8, id 49357)

Delegation statusDelegation status

Incomplete (1)
  • ipn.mx to cicimar.ipn.mx
Insecure (1)
  • mx to ipn.mx
Secure (1)
  • . to mx

NoticesNotices

Errors (24)
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/A alg 10, id 57728: The Signer's Name field of the RRSIG RR (ipn.mx) does not match the name of the zone containing the RRset (cicimar.ipn.mx). See RFC 4035, Sec. 5.3.1.
  • RRSIG cicimar.ipn.mx/A alg 10, id 57728: The Signer's Name field of the RRSIG RR (ipn.mx) does not match the name of the zone containing the RRset (cicimar.ipn.mx). See RFC 4035, Sec. 5.3.1.
  • RRSIG cicimar.ipn.mx/A alg 10, id 57728: The Signer's Name field of the RRSIG RR (ipn.mx) does not match the name of the zone containing the RRset (cicimar.ipn.mx). See RFC 4035, Sec. 5.3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: The Signer's Name field of the RRSIG RR (ipn.mx) does not match the name of the zone containing the RRset (cicimar.ipn.mx). See RFC 4035, Sec. 5.3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: The Signer's Name field of the RRSIG RR (ipn.mx) does not match the name of the zone containing the RRset (cicimar.ipn.mx). See RFC 4035, Sec. 5.3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: The Signer's Name field of the RRSIG RR (ipn.mx) does not match the name of the zone containing the RRset (cicimar.ipn.mx). See RFC 4035, Sec. 5.3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: The Signer's Name field of the RRSIG RR (ipn.mx) does not match the name of the zone containing the RRset (cicimar.ipn.mx). See RFC 4035, Sec. 5.3.1.
  • ipn.mx to cicimar.ipn.mx: No delegation NS records were detected in the parent zone (ipn.mx). This results in an NXDOMAIN response to a DS query (for DNSSEC), even if the parent servers are authoritative for the child. See RFC 1034, Sec. 4.2.2. (148.204.103.2, 148.204.198.2, 148.204.235.2, TCP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_4096_D_KN)
  • mx zone: The server(s) were not responsive to queries over UDP. See RFC 1035, Sec. 4.2. (2001:13c7:7000::1)
  • cicimar.ipn.mx/DS has errors; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
  • 8uedl3gv7r.cicimar.ipn.mx/A has errors; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/MX has errors; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/TXT has errors; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (47)
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of cicimar.ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of cicimar.ipn.mx/DS alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/A alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/A alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/A alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG cicimar.ipn.mx/SOA alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/SOA alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/SOA alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG ipn.mx/SOA alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • ipn.mx to cicimar.ipn.mx: No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. See RFC 6891, Sec. 6.2.6. (148.204.103.2, UDP_-_EDNS0_4096_D_KN)
  • cicimar.ipn.mx/DS has warnings; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/AAAA has warnings; select the "Denial of existence" DNSSEC option to see them.
  • 8uedl3gv7r.cicimar.ipn.mx/A has warnings; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/MX has warnings; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/TXT has warnings; select the "Denial of existence" DNSSEC option to see them.
  • cicimar.ipn.mx/DNSKEY has warnings; select the "Denial of existence" DNSSEC option to see them.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph