hollington.ca | DNSViz

hollington.ca

Updated: 2021-02-16 12:35:11 UTC (1405 days ago) Update now

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Insecure (5)

hollington.ca/A
hollington.ca/MX
hollington.ca/NS
hollington.ca/SOA
hollington.ca/TXT

Secure (1)

ca/SOA

DNSKEY/DS/NSEC status

Insecure (2)

hollington.ca/DNSKEY (alg 13, id 2371)
hollington.ca/DNSKEY (alg 13, id 34505)

Secure (8)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 42351)
NSEC3 proving non-existence of hollington.ca/DS
ca/DNSKEY (alg 8, id 2134)
ca/DNSKEY (alg 8, id 43854)
ca/DNSKEY (alg 8, id 44701)
ca/DNSKEY (alg 8, id 48662)
ca/DS (alg 8, id 2134)

Delegation status

Insecure (1)

ca to hollington.ca

Secure (1)

. to ca

Notices

Errors (3)

NSEC3 proving non-existence of hollington.ca/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of hollington.ca/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
hollington.ca/DS has errors; select the "Denial of existence" DNSSEC option to see them.

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

See also

DNSSEC Debugger by Verisign Labs.

Download: png | svg

Warning

JavaScript is required to make the graph below interactive.

DNSSEC authentication graph