NSEC3 proving non-existence of uc56r13pqf.desec.org/A
desec.org/DNSKEY (alg 13, id 6697)
desec.org/DS (alg 13, id 6697)
org/DNSKEY (alg 7, id 17883)
org/DNSKEY (alg 7, id 27074)
org/DNSKEY (alg 7, id 37022)
org/DS (alg 7, id 17883)
org/DS (alg 7, id 17883)
org/DS (alg 7, id 9795)
Non_existent (1)
org/DNSKEY (alg 7, id 9795)
Delegation status
Secure (2)
. to org
org to desec.org
Notices
Errors (8)
NSEC3 proving non-existence of desec.org/CNAME: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of desec.org/CNAME: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of uc56r13pqf.desec.org/A: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of uc56r13pqf.desec.org/A: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
org/DS (alg 7, id 17883): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
org/DS (alg 7, id 17883): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
org/DS (alg 7, id 9795): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
org/DS (alg 7, id 9795): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
Warnings (16)
NSEC3 proving non-existence of desec.org/CNAME: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of desec.org/CNAME: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of uc56r13pqf.desec.org/A: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of uc56r13pqf.desec.org/A: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
RRSIG desec.org/DS alg 7, id 37022: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 17883: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 17883: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 17883: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 37022: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 37022: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG org/DNSKEY alg 7, id 37022: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
org/DS (alg 7, id 17883): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
org/DS (alg 7, id 17883): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
org/DS (alg 7, id 9795): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
org/DS (alg 7, id 9795): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
desec.org/DS has warnings; select the "Denial of existence" DNSSEC option to see them.