View on GitHub
dns-oarc.net
Updated:
2024-06-22 23:15:39 UTC
(
187 days ago
)
Go to most recent »
« Previous analysis
|
Next analysis »
Tweet
DNSSEC
Responses
Servers
Analyze
DNSSEC options (
hide
)
|?|
RR types:
--All--
A
AAAA
TXT
PTR
MX
NS
SOA
CNAME
SRV
NAPTR
TLSA
NSEC3PARAM
CDNSKEY
CDS
CAA
|?|
DNSSEC algorithms:
--All--
1 - RSA/MD5
3 - DSA/SHA1
5 - RSA/SHA-1
6 - DSA-NSEC3-SHA1
7 - RSASHA1-NSEC3-SHA1
8 - RSA/SHA-256
10 - RSA/SHA-512
12 - GOST R 34.10-2001
13 - ECDSA Curve P-256 with SHA-256
14 - ECDSA Curve P-384 with SHA-384
15 - Ed25519
16 - Ed448
|?|
DS digest algorithms:
--All--
1 - SHA-1
2 - SHA-256
3 - GOST R 34.11-94
4 - SHA-384
|?|
Denial of existence:
|?|
Redundant edges:
|?|
Ignore RFC 8624:
|?|
Ignore RFC 9276:
|?|
Multi-signer:
|?|
Trust anchors:
Root zone KSK
|?|
Additional trusted keys:
Notices
DNSSEC Authentication Chain
RRset status
Bogus
(2)
dns-oarc.net/CDNSKEY
dns-oarc.net/CDS
Secure
(8)
dns-oarc.net/A
dns-oarc.net/AAAA
dns-oarc.net/CDNSKEY
dns-oarc.net/CDS
dns-oarc.net/MX
dns-oarc.net/NS
dns-oarc.net/SOA
dns-oarc.net/TXT
DNSKEY/DS/NSEC status
Secure
(10)
./DNSKEY (alg 8, id 20038)
./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 5613)
dns-oarc.net/DNSKEY (alg 13, id 13977)
dns-oarc.net/DNSKEY (alg 13, id 53209)
dns-oarc.net/DNSKEY (alg 13, id 6048)
dns-oarc.net/DS (alg 13, id 13977)
net/DNSKEY (alg 13, id 37331)
net/DNSKEY (alg 13, id 51809)
net/DS (alg 13, id 37331)
Non_existent
(2)
dns-oarc.net/DNSKEY (alg 0, id 0)
dns-oarc.net/DNSKEY (alg 0, id 17106)
Delegation status
Secure
(2)
. to net
net to dns-oarc.net
Notices
Errors
(14)
RRSIG dns-oarc.net/CDNSKEY alg 13, id 13977: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
RRSIG dns-oarc.net/CDNSKEY alg 13, id 53209: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
RRSIG dns-oarc.net/CDS alg 13, id 13977: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
RRSIG dns-oarc.net/CDS alg 13, id 53209: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
dns-oarc.net/CDNSKEY: Multiple variants of CDNSKEY RRsets were found. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
dns-oarc.net/CDNSKEY: Multiple variants of CDNSKEY RRsets were found. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
dns-oarc.net/CDNSKEY: The contents of a CDNSKEY record used for DNSSEC deletion (algorithm 0) should be 0, 3, 0, AA==. See RFC 8078, Sec. 4.
dns-oarc.net/CDNSKEY: The contents of the CDNSKEY RRset are inconsistent with those of the CDS RRset. See RFC 7344, Sec. 4.
dns-oarc.net/CDNSKEY: The contents of the CDNSKEY RRset are inconsistent with those of the CDS RRset. See RFC 7344, Sec. 4.
dns-oarc.net/CDS: Multiple variants of CDS RRsets were found. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
dns-oarc.net/CDS: Multiple variants of CDS RRsets were found. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
dns-oarc.net/CDS: The contents of a CDS record used for DNSSEC deletion (algorithm 0) should be 0, 0, 0, 00. See RFC 8078, Sec. 4.
dns-oarc.net/CDS: The contents of the CDNSKEY RRset are inconsistent with those of the CDS RRset. See RFC 7344, Sec. 4.
dns-oarc.net/CDS: The contents of the CDNSKEY RRset are inconsistent with those of the CDS RRset. See RFC 7344, Sec. 4.
Warnings
(4)
dns-oarc.net/CDNSKEY: The contents of the DS RRset are inconsistent with those of the CDNSKEY RRset. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
dns-oarc.net/CDNSKEY: The contents of the DS RRset are inconsistent with those of the CDNSKEY RRset. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
dns-oarc.net/CDS: The contents of the DS RRset are inconsistent with those of the CDS RRset. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
dns-oarc.net/CDS: The contents of the DS RRset are inconsistent with those of the CDS RRset. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
DNSKEY legend
Full legend
SEP bit set
Revoke bit set
Trust anchor
See also
DNSSEC Debugger
by
Verisign Labs
.
Download:
png
|
svg
JavaScript is required to make the graph below interactive.