dnssec-name-and-shame.com

Updated: 2022-07-13 06:47:12 UTC (653 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Bogus (5)

dnssec-name-and-shame.com/A
dnssec-name-and-shame.com/AAAA
dnssec-name-and-shame.com/NS
dnssec-name-and-shame.com/NSEC3PARAM
dnssec-name-and-shame.com/SOA

DNSKEY/DS/NSEC status

Bogus (3)

dnssec-name-and-shame.com/DNSKEY (alg 13, id 41077)
dnssec-name-and-shame.com/DNSKEY (alg 13, id 55032)
dnssec-name-and-shame.com/DNSKEY (alg 13, id 62809)

Secure (7)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 20826)
com/DNSKEY (alg 8, id 30909)
com/DNSKEY (alg 8, id 32298)
com/DNSKEY (alg 8, id 37269)
com/DS (alg 8, id 30909)
dnssec-name-and-shame.com/DS (alg 13, id 62809)

Delegation status

Bogus (1)

com to dnssec-name-and-shame.com

Secure (1)

. to com

Notices

Errors (11)

RRSIG dnssec-name-and-shame.com/DNSKEY alg 13, id 55032: The Signature Expiration field of the RRSIG RR (2022-07-12 06:43:02+00:00) is 1 day in the past.
RRSIG dnssec-name-and-shame.com/DNSKEY alg 13, id 55032: The Signature Expiration field of the RRSIG RR (2022-07-12 06:43:02+00:00) is 1 day in the past.
RRSIG dnssec-name-and-shame.com/DNSKEY alg 13, id 55032: The Signature Expiration field of the RRSIG RR (2022-07-12 06:43:02+00:00) is 1 day in the past.
RRSIG dnssec-name-and-shame.com/DNSKEY alg 13, id 62809: The Signature Expiration field of the RRSIG RR (2022-07-12 06:43:02+00:00) is 1 day in the past.
RRSIG dnssec-name-and-shame.com/DNSKEY alg 13, id 62809: The Signature Expiration field of the RRSIG RR (2022-07-12 06:43:02+00:00) is 1 day in the past.
RRSIG dnssec-name-and-shame.com/DNSKEY alg 13, id 62809: The Signature Expiration field of the RRSIG RR (2022-07-12 06:43:02+00:00) is 1 day in the past.
RRSIG dnssec-name-and-shame.com/NSEC3PARAM alg 13, id 41077: The TTL of the RRset (3600) exceeds the value of the Original TTL field of the RRSIG RR covering it (0).
com to dnssec-name-and-shame.com: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (185.49.141.53, 216.218.130.2, 216.218.131.2, 2001:470:100::2, 2001:470:200::2, 2a04:b900:0:100::53, UDP_-_EDNS0_4096_D_KN)
dnssec-name-and-shame.com zone: The server(s) were not responsive to queries over UDP. (54.221.136.21, 2600:1f18:24a6:2020::53)
dnssec-name-and-shame.com/A: No response was received from the server over UDP (tried 12 times). (54.221.136.21, 2600:1f18:24a6:2020::53, UDP_-_NOEDNS_)
dnssec-name-and-shame.com/NS: No response was received from the server over UDP (tried 12 times). (54.221.136.21, 2600:1f18:24a6:2020::53, UDP_-_NOEDNS_)

Warnings (4)

com to dnssec-name-and-shame.com: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the com zone): ns1.he.net, ns2.he.net
com to dnssec-name-and-shame.com: The following NS name(s) were found in the delegation NS RRset (i.e., in the com zone), but not in the authoritative NS RRset: ns-aws.nlnet.nl
dnssec-name-and-shame.com/DS (alg 13, id 62809): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
dnssec-name-and-shame.com/DS (alg 13, id 62809): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

dnssec-name-and-shame.com

RRset status

Bogus (5)

DNSKEY/DS/NSEC status

Bogus (3)

Secure (7)

Delegation status

Bogus (1)

Secure (1)

Notices

Errors (11)

Warnings (4)

DNSKEY legend

See also