View on GitHub

DNSViz: A DNS visualization tool

daitoshi.mlit.go.jp

« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
  8. |?|
  9. |?|
  10. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (3)
  • daitoshi.mlit.go.jp/A
  • daitoshi.mlit.go.jp/TXT
  • mlit.go.jp/SOA
Secure (1)
  • jp/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (7)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 61050)
  • NSEC3 proving non-existence of mlit.go.jp/DS
  • jp/DNSKEY (alg 8, id 15414)
  • jp/DNSKEY (alg 8, id 22111)
  • jp/DNSKEY (alg 8, id 35821)
  • jp/DS (alg 8, id 35821)

Delegation statusDelegation status

Insecure (2)
  • jp to mlit.go.jp
  • mlit.go.jp to daitoshi.mlit.go.jp
Secure (1)
  • . to jp

NoticesNotices

Errors (16)
  • ./DNSKEY: No response was received from the server over UDP (tried 4 times). See RFC 1035, Sec. 4.2. (192.33.4.12, UDP_-_EDNS0_512_D_KN)
  • daitoshi.mlit.go.jp zone: The server(s) responded over TCP with a malformed response or with an invalid RCODE. See RFC 1035, Sec. 4.1.1. (205.251.194.238, 205.251.196.147, 205.251.198.41, 2600:9000:5302:ee00::1, 2600:9000:5304:9300::1, 2600:9000:5306:2900::1)
  • daitoshi.mlit.go.jp zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. See RFC 1035, Sec. 4.1.1. (205.251.194.238, 205.251.196.147, 205.251.198.41, 2600:9000:5302:ee00::1, 2600:9000:5304:9300::1, 2600:9000:5306:2900::1)
  • daitoshi.mlit.go.jp/A: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (205.251.194.238, 205.251.196.147, 205.251.198.41, 2600:9000:5302:ee00::1, 2600:9000:5304:9300::1, 2600:9000:5306:2900::1, UDP_-_EDNS0_4096_D_KN)
  • daitoshi.mlit.go.jp/DNSKEY: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (205.251.194.238, 205.251.196.147, 205.251.198.41, 2600:9000:5302:ee00::1, 2600:9000:5304:9300::1, 2600:9000:5306:2900::1, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • daitoshi.mlit.go.jp/TXT: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (205.251.194.238, 205.251.196.147, 205.251.198.41, 2600:9000:5302:ee00::1, 2600:9000:5304:9300::1, 2600:9000:5306:2900::1, UDP_-_EDNS0_4096_D_KN)
  • daitoshi.mlit.go.jp/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/NSEC3PARAM has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/SOA has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/CDS has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/MX has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/NS has errors; select the "Denial of existence" DNSSEC option to see them.
  • 45qt7.mpr7o.daitoshi.mlit.go.jp/A has errors; select the "Denial of existence" DNSSEC option to see them.
  • daitoshi.mlit.go.jp/CDNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (1)
  • mlit.go.jp to daitoshi.mlit.go.jp: The following NS name(s) were found in the delegation NS RRset (i.e., in the mlit.go.jp zone), but not in the authoritative NS RRset: ns-211.awsdns-26.com, ns-750.awsdns-29.net, ns-1171.awsdns-18.org, ns-1577.awsdns-05.co.uk See RFC 1034, Sec. 4.2.2.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph