dotsu.su

Updated: 2020-06-29 16:03:49 UTC (1389 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Insecure (4)

dotsu.su/A
dotsu.su/NS
dotsu.su/SOA
dotsu.su/TXT

DNSKEY/DS/NSEC status

Insecure (6)

dotsu.su/DNSKEY (alg 14, id 17500)
dotsu.su/DNSKEY (alg 5, id 27891)
dotsu.su/DNSKEY (alg 7, id 20503)
dotsu.su/DNSKEY (alg 7, id 27892)
dotsu.su/DNSKEY (alg 9, id 13588)
dotsu.su/DNSKEY (alg 9, id 2570)

Secure (9)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 46594)
./DNSKEY (alg 8, id 48903)
dotsu.su/DS (alg 9, id 13588)
dotsu.su/DS (alg 9, id 13588)
dotsu.su/DS (alg 9, id 13588)
su/DNSKEY (alg 8, id 37848)
su/DNSKEY (alg 8, id 58831)
su/DS (alg 8, id 58831)

Delegation status

Insecure (1)

su to dotsu.su

Secure (1)

. to su

Notices

Errors (13)

dotsu.su/A: No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, UDP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 14, id 17500): No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 14, id 17500): The key was revoked but was not found signing the RRset. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 14, id 17500): The length of the key is 264 bits, but an ECDSA public key using Curve P-384 (DNSSEC algorithm 14) must be 768 bits long.
dotsu.su/DNSKEY (alg 5, id 27891): No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 7, id 20503): No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 7, id 27892): No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 9, id 13588): No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/DNSKEY (alg 9, id 2570): No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)
dotsu.su/NS: No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, UDP_-_EDNS0_4096_D_K)
dotsu.su/SOA: No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_4096_D_K_0x20)
dotsu.su/TXT: No RRSIG covering the RRset was returned in the response. (54.241.1.84, 54.245.86.7, UDP_-_EDNS0_4096_D_K)
su to dotsu.su: The DS RRset for the zone included algorithm 9 (9), but no DS RR matched a DNSKEY with algorithm 9 that signs the zone's DNSKEY RRset. (54.241.1.84, 54.245.86.7, TCP_-_EDNS0_4096_D_K)

Warnings (8)

dotsu.su/DS (alg 9, id 13588): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
dotsu.su/DS (alg 9, id 13588): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
dotsu.su/DS (alg 9, id 13588): DNSSEC specification prohibits signing with DS records that use digest algorithm 3 (GOST 34.11-94).
dotsu.su/DS (alg 9, id 13588): DNSSEC specification prohibits signing with DS records that use digest algorithm 3 (GOST 34.11-94).
dotsu.su/DS (alg 9, id 13588): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
dotsu.su/DS (alg 9, id 13588): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
dotsu.su/DS (alg 9, id 13588): Generating cryptographic hashes using algorithm 3 (GOST 34.11-94) is not supported by this code, so the cryptographic status of the DS RR is unknown.
dotsu.su/DS (alg 9, id 13588): Generating cryptographic hashes using algorithm 3 (GOST 34.11-94) is not supported by this code, so the cryptographic status of the DS RR is unknown.