dej.in.ua
Updated:
2021-01-30 15:27:00 UTC (1441 days ago)
Go to most recent »
Notices
DNSSEC Authentication Chain
RRset status
Insecure (7)
- dej.in.ua/A
- dej.in.ua/MX
- dej.in.ua/NS
- dej.in.ua/SOA
- dej.in.ua/TXT
- in.ua/SOA
- in.ua/SOA
Secure (1)
- ua/SOA
DNSKEY/DS/NSEC status
Insecure (2)
- dej.in.ua/DNSKEY (alg 7, id 27921)
- dej.in.ua/DNSKEY (alg 7, id 34073)
Secure (6)
- ./DNSKEY (alg 8, id 20326)
- ./DNSKEY (alg 8, id 42351)
- NSEC3 proving non-existence of in.ua/DS
- ua/DNSKEY (alg 13, id 35976)
- ua/DNSKEY (alg 13, id 48349)
- ua/DS (alg 13, id 48349)
Delegation status
Insecure (2)
- in.ua to dej.in.ua
- ua to in.ua
Secure (1)
- . to ua
Notices
Errors (5)
- NSEC3 proving non-existence of in.ua/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
- NSEC3 proving non-existence of in.ua/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
- dej.in.ua/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
- ilma1z3vr0.dej.in.ua/A has errors; select the "Denial of existence" DNSSEC option to see them.
- dej.in.ua/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (18)
- . to ua: The glue address(es) for cd1.ns.ua (194.0.1.9) differed from its authoritative address(es) (74.116.178.9). See RFC 1034, Sec. 4.2.2.
- . to ua: The glue address(es) for cd1.ns.ua (2001:678:4::9) differed from its authoritative address(es) (2620:7d:e000::9). See RFC 1034, Sec. 4.2.2.
- NSEC3 proving non-existence of in.ua/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
- NSEC3 proving non-existence of in.ua/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
- RRSIG dej.in.ua/A alg 7, id 34073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/DNSKEY alg 7, id 27921: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/DNSKEY alg 7, id 27921: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/DNSKEY alg 7, id 34073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/DNSKEY alg 7, id 34073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/MX alg 7, id 34073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/NS alg 7, id 34073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/SOA alg 7, id 34073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG dej.in.ua/TXT alg 7, id 34073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- in.ua to dej.in.ua: The following NS name(s) were found in the delegation NS RRset (i.e., in the in.ua zone), but not in the authoritative NS RRset: ns2.dj7.pp.ua See RFC 1034, Sec. 4.2.2.
- dej.in.ua/DNSKEY has warnings; select the "Denial of existence" DNSSEC option to see them.
- dej.in.ua/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.
- ilma1z3vr0.dej.in.ua/A has warnings; select the "Denial of existence" DNSSEC option to see them.
- dej.in.ua/AAAA has warnings; select the "Denial of existence" DNSSEC option to see them.
JavaScript is required to make the graph below interactive.
