dotsu.su

Updated: 2020-06-29 16:03:49 UTC (1643 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Insecure (4)

dotsu.su/A
dotsu.su/NS
dotsu.su/SOA
dotsu.su/TXT

DNSKEY/DS/NSEC status

Insecure (6)

dotsu.su/DNSKEY (alg 14, id 17500)
dotsu.su/DNSKEY (alg 5, id 27891)
dotsu.su/DNSKEY (alg 7, id 20503)
dotsu.su/DNSKEY (alg 7, id 27892)
dotsu.su/DNSKEY (alg 9, id 13588)
dotsu.su/DNSKEY (alg 9, id 2570)

Secure (9)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 46594)
./DNSKEY (alg 8, id 48903)
dotsu.su/DS (alg 9, id 13588)
dotsu.su/DS (alg 9, id 13588)
dotsu.su/DS (alg 9, id 13588)
su/DNSKEY (alg 8, id 37848)
su/DNSKEY (alg 8, id 58831)
su/DS (alg 8, id 58831)

Delegation status

Insecure (1)

su to dotsu.su

Secure (1)

. to su

Notices

Errors (18)

dotsu.su/A: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, UDP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 14, id 17500): No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 14, id 17500): The key was revoked but was not found signing the RRset. See RFC 5011, Sec. 2.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 14, id 17500): The length of the key is 264 bits, but an ECDSA public key using Curve P-384 (DNSSEC algorithm 14) must be 768 bits long. See RFC 6605, Sec. 4.
dotsu.su/DNSKEY (alg 5, id 27891): No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 7, id 20503): No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 7, id 27892): No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 9, id 13588): No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 9, id 2570): No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/NS: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, UDP_-_EDNS0_4096_D_K)
dotsu.su/SOA: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_4096_D_K_0x20)
dotsu.su/TXT: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (54.241.1.84, 54.245.86.7, UDP_-_EDNS0_4096_D_K)
su to dotsu.su: The DS RRset for the zone included algorithm 9 (9), but no DS RR matched a DNSKEY with algorithm 9 that signs the zone's DNSKEY RRset. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
dotsu.su/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
dotsu.su/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
ycgn0s42vj.dotsu.su/A has errors; select the "Denial of existence" DNSSEC option to see them.
dotsu.su/MX has errors; select the "Denial of existence" DNSSEC option to see them.

Warnings (8)

dotsu.su/DS (alg 9, id 13588): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
dotsu.su/DS (alg 9, id 13588): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
dotsu.su/DS (alg 9, id 13588): DNSSEC implementers are prohibited from implementing signing with DS algorithm 3 (GOST 34.11-94). See RFC 8624, Sec. 3.2.
dotsu.su/DS (alg 9, id 13588): DNSSEC implementers are prohibited from implementing signing with DS algorithm 3 (GOST 34.11-94). See RFC 8624, Sec. 3.2.
dotsu.su/DS (alg 9, id 13588): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
dotsu.su/DS (alg 9, id 13588): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
dotsu.su/DS (alg 9, id 13588): Generating cryptographic hashes using algorithm 3 (GOST 34.11-94) is not supported by this code, so the cryptographic status of the DS RR is unknown. See RFC 4035, Sec. 5.2.
dotsu.su/DS (alg 9, id 13588): Generating cryptographic hashes using algorithm 3 (GOST 34.11-94) is not supported by this code, so the cryptographic status of the DS RR is unknown. See RFC 4035, Sec. 5.2.