NSEC3 proving non-existence of zx0lsr3jec.desec.org/A
desec.org/DNSKEY (alg 13, id 6697)
desec.org/DS (alg 13, id 6697)
org/DNSKEY (alg 7, id 17883)
org/DNSKEY (alg 7, id 33209)
org/DNSKEY (alg 7, id 37022)
org/DNSKEY (alg 7, id 9795)
org/DS (alg 7, id 9795)
org/DS (alg 7, id 9795)
Delegation status
Secure (2)
. to org
org to desec.org
Notices
Errors (9)
NSEC3 proving non-existence of desec.org/CNAME: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of desec.org/CNAME: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of zx0lsr3jec.desec.org/A: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of zx0lsr3jec.desec.org/A: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
desec.org zone: The server(s) were not responsive to queries over UDP. See RFC 1035, Sec. 4.2. (2a00:11c0:4b:deec::2)
desec.org/A: No response was received from the server over UDP (tried 12 times). See RFC 1035, Sec. 4.2. (2a00:11c0:4b:deec::2, UDP_-_NOEDNS_)
desec.org/NS: No response was received from the server over UDP (tried 12 times). See RFC 1035, Sec. 4.2. (2a00:11c0:4b:deec::2, UDP_-_NOEDNS_)
org/DS (alg 7, id 9795): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
org/DS (alg 7, id 9795): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
Warnings (20)
NSEC3 proving non-existence of desec.org/CNAME: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of desec.org/CNAME: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of zx0lsr3jec.desec.org/A: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of zx0lsr3jec.desec.org/A: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
RRSIG desec.org/DS alg 7, id 33209: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 17883: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 17883: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 17883: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 17883: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 33209: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 33209: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 33209: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 33209: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 9795: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 9795: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 9795: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 9795: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
org/DS (alg 7, id 9795): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
org/DS (alg 7, id 9795): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
desec.org/DS has warnings; select the "Denial of existence" DNSSEC option to see them.