dnssec-test.balug.org
Updated:
2024-09-25 07:11:57 UTC (25 days ago)
Go to most recent »
Notices
DNSSEC Authentication Chain
RRset status
Insecure (7)
- dnssec-test.balug.org/A
- dnssec-test.balug.org/AAAA
- dnssec-test.balug.org/CDNSKEY
- dnssec-test.balug.org/CDS
- dnssec-test.balug.org/NS
- dnssec-test.balug.org/NSEC3PARAM
- dnssec-test.balug.org/SOA
Secure (1)
- balug.org/SOA
DNSKEY/DS/NSEC status
Insecure (2)
- dnssec-test.balug.org/DNSKEY (alg 13, id 36925)
- dnssec-test.balug.org/DNSKEY (alg 13, id 6523)
Secure (11)
- ./DNSKEY (alg 8, id 20038)
- ./DNSKEY (alg 8, id 20326)
- ./DNSKEY (alg 8, id 61050)
- NSEC proving non-existence of dnssec-test.balug.org/DS
- balug.org/DNSKEY (alg 8, id 17095)
- balug.org/DNSKEY (alg 8, id 42576)
- balug.org/DS (alg 8, id 17095)
- org/DNSKEY (alg 8, id 15678)
- org/DNSKEY (alg 8, id 23064)
- org/DNSKEY (alg 8, id 26974)
- org/DS (alg 8, id 26974)
Delegation status
Insecure (1)
- balug.org to dnssec-test.balug.org
Secure (2)
- . to org
- org to balug.org
Notices
Errors (3)
- RRSIG dnssec-test.balug.org/SOA alg 13, id 6523: With a TTL of 3600 the RRSIG RR can be in the cache of a non-validating resolver until 54 minutes after it expires at 2024-09-25 07:17:18+00:00. See RFC 4035, Sec. 5.3.3.
- dnssec-test.balug.org/CDNSKEY: The CDNSKEY RRset must be signed with a key that is represented in both the current DNSKEY and the current DS RRset. See RFC 7344, Sec. 4.1.
- dnssec-test.balug.org/CDS: The CDS RRset must be signed with a key that is represented in both the current DNSKEY and the current DS RRset. See RFC 7344, Sec. 4.1.
JavaScript is required to make the graph below interactive.
