View on GitHub

DNSViz: A DNS visualization tool

dnssec.pw

Updated: 2024-08-29 12:44:22 UTC (115 days ago) Update now
« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
  8. |?|
  9. |?|
  10. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Bogus (2)
  • dnssec.pw/NS
  • dnssec.pw/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Bogus (10)
  • dnssec.pw/DNSKEY (alg 13, id 12345)
  • dnssec.pw/DNSKEY (alg 13, id 12345)
  • dnssec.pw/DNSKEY (alg 13, id 12345)
  • dnssec.pw/DNSKEY (alg 13, id 12345)
  • dnssec.pw/DNSKEY (alg 13, id 12345)
  • dnssec.pw/DNSKEY (alg 8, id 12345)
  • dnssec.pw/DNSKEY (alg 8, id 12345)
  • dnssec.pw/DNSKEY (alg 8, id 12345)
  • dnssec.pw/DNSKEY (alg 8, id 12345)
  • dnssec.pw/DNSKEY (alg 8, id 65300)
Secure (7)
  • ./DNSKEY (alg 8, id 20038)
  • ./DNSKEY (alg 8, id 20326)
  • dnssec.pw/DS (alg 8, id 65300)
  • pw/DNSKEY (alg 13, id 41432)
  • pw/DNSKEY (alg 13, id 50850)
  • pw/DS (alg 13, id 41432)
  • pw/DS (alg 13, id 44440)
Non_existent (1)
  • pw/DNSKEY (alg 13, id 44440)

Delegation statusDelegation status

Bogus (1)
  • pw to dnssec.pw
Secure (1)
  • . to pw

NoticesNotices

Errors (34)
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/DNSKEY alg 8, id 65300: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/NS alg 13, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG dnssec.pw/NS alg 8, id 12345: The Signature Expiration field of the RRSIG RR (2024-04-09 01:23:45+00:00) is 142 days in the past. See RFC 4035, Sec. 5.3.1.
  • dnssec.pw/SOA: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (45.151.144.186, 194.87.101.51, TCP_-_EDNS0_4096_D_N, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_4096_D_KN_0x20)
  • pw to dnssec.pw: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.151.144.186, 194.87.101.51, TCP_-_EDNS0_4096_D_KN)
  • dnssec.pw/MX has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/A has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/CDS has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/NSEC3PARAM has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/TXT has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/CDNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
  • dnssec.pw/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
  • 1ebqt.8wvhr.dnssec.pw/A has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (2)
  • ./DNSKEY (alg 8, id 20038): The server appears to support DNS cookies but did not return a COOKIE option. See RFC 7873, Sec. 5.2.3. (2001:500:2f::f, UDP_-_EDNS0_4096_D_KN)
  • ./DNSKEY (alg 8, id 20326): The server appears to support DNS cookies but did not return a COOKIE option. See RFC 7873, Sec. 5.2.3. (2001:500:2f::f, UDP_-_EDNS0_4096_D_KN)

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph