fail03.dnssec.works

Updated: 2020-05-08 13:48:59 UTC (1457 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Bogus (4)

fail03.dnssec.works/A
fail03.dnssec.works/AAAA
fail03.dnssec.works/NS
fail03.dnssec.works/SOA

DNSKEY/DS/NSEC status

Bogus (2)

fail03.dnssec.works/DNSKEY (alg 8, id 4699)
fail03.dnssec.works/DNSKEY (alg 8, id 8628)

Secure (12)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 48903)
dnssec.works/DNSKEY (alg 8, id 41779)
dnssec.works/DNSKEY (alg 8, id 63306)
dnssec.works/DS (alg 8, id 41779)
fail03.dnssec.works/DS (alg 8, id 4699)
works/DNSKEY (alg 8, id 21105)
works/DNSKEY (alg 8, id 37126)
works/DNSKEY (alg 8, id 37354)
works/DNSKEY (alg 8, id 48888)
works/DS (alg 8, id 37126)
works/DS (alg 8, id 37126)

Delegation status

Bogus (1)

dnssec.works to fail03.dnssec.works

Secure (2)

. to works
works to dnssec.works

Notices

Errors (14)

RRSIG fail03.dnssec.works/A alg 8, id 8628: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
RRSIG fail03.dnssec.works/A alg 8, id 8628: The cryptographic signature of the RRSIG RR does not properly validate.
RRSIG fail03.dnssec.works/AAAA alg 8, id 8628: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
RRSIG fail03.dnssec.works/AAAA alg 8, id 8628: The cryptographic signature of the RRSIG RR does not properly validate.
RRSIG fail03.dnssec.works/DNSKEY alg 8, id 4699: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
RRSIG fail03.dnssec.works/DNSKEY alg 8, id 4699: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
RRSIG fail03.dnssec.works/DNSKEY alg 8, id 8628: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
RRSIG fail03.dnssec.works/DNSKEY alg 8, id 8628: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
RRSIG fail03.dnssec.works/NS alg 8, id 8628: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
RRSIG fail03.dnssec.works/SOA alg 8, id 8628: The Signature Expiration field of the RRSIG RR (2020-01-01 00:00:00+00:00) is 128 days in the past.
dnssec.works to fail03.dnssec.works: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (5.45.109.212, 185.92.221.212, 2001:19f0:5001:df:76d7:5703:ba0a:e220, 2a03:4000:6:2115::2, TCP_-_EDNS0_4096_D_K)
fail03.dnssec.works zone: The server(s) were not responsive to queries over UDP. (37.153.96.134)
fail03.dnssec.works/A: No response was received from the server over UDP (tried 12 times). (37.153.96.134, UDP_-_NOEDNS_)
fail03.dnssec.works/NS: No response was received from the server over UDP (tried 12 times). (37.153.96.134, UDP_-_NOEDNS_)

Warnings (4)

works/DS (alg 8, id 37126): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
works/DS (alg 8, id 37126): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
works/DS (alg 8, id 37126): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
works/DS (alg 8, id 37126): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.