View on GitHub

DNSViz: A DNS visualization tool

id0.gr

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
  8. |?|
  9. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (7)
  • id0.gr/A
  • id0.gr/AAAA
  • id0.gr/MX
  • id0.gr/NS
  • id0.gr/SOA
  • id0.gr/TXT
  • id0.gr/TXT (NODATA)
Secure (1)
  • gr/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Insecure (4)
  • NSEC3 proving non-existence of id0.gr/TXT
  • id0.gr/DNSKEY (alg 13, id 26267)
  • id0.gr/DNSKEY (alg 8, id 26659)
  • id0.gr/DNSKEY (alg 8, id 40112)
Secure (7)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 42351)
  • NSEC3 proving non-existence of id0.gr/DS
  • gr/DNSKEY (alg 7, id 33317)
  • gr/DNSKEY (alg 7, id 35136)
  • gr/DNSKEY (alg 7, id 7835)
  • gr/DS (alg 7, id 35136)

Delegation statusDelegation status

Insecure (1)
  • gr to id0.gr
Secure (1)
  • . to gr

NoticesNotices

Errors (28)
  • NSEC3 proving non-existence of id0.gr/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of id0.gr/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of id0.gr/TXT: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of id0.gr/TXT: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of id0.gr/TXT: The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN)
  • NSEC3 proving non-existence of id0.gr/TXT: The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN)
  • NSEC3 proving non-existence of id0.gr/TXT: The following queries resulted in an answer response, even though the bitmap in the NSEC3 RR indicates that the queried records don't exist: id0.gr/TXT See RFC 5155, Sec. 8.5.
  • NSEC3 proving non-existence of id0.gr/TXT: The following queries resulted in an answer response, even though the bitmap in the NSEC3 RR indicates that the queried records don't exist: id0.gr/TXT See RFC 5155, Sec. 8.5.
  • gr/DNSKEY: No response was received from the server over UDP (tried 4 times). See RFC 1035, Sec. 4.2. (78.104.145.227, 139.91.191.3, UDP_-_EDNS0_512_D_KN)
  • id0.gr/A: The DNSKEY RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/A: The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/AAAA: The DNSKEY RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/AAAA: The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/DNSKEY (alg 13, id 26267): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/DNSKEY (alg 13, id 26267): The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • id0.gr/DNSKEY (alg 8, id 26659): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • id0.gr/DNSKEY (alg 8, id 26659): The DNSKEY RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/DNSKEY (alg 8, id 40112): The DNSKEY RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/MX: The DNSKEY RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • id0.gr/MX: The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • id0.gr/NS: The DNSKEY RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/NS: The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/SOA: The DNSKEY RRset for the zone included algorithm 8 (RSASHA256), but no RRSIG with algorithm 8 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/TXT: The DNSKEY RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no RRSIG with algorithm 13 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (216.239.32.107, 216.239.34.107, 216.239.36.107, 216.239.38.107, 2001:4860:4802:32::6b, 2001:4860:4802:34::6b, 2001:4860:4802:36::6b, 2001:4860:4802:38::6b, UDP_-_EDNS0_4096_D_KN)
  • cnpxqv96k8.id0.gr/A has errors; select the "Denial of existence" DNSSEC option to see them.
  • id0.gr/DS has errors; select the "Denial of existence" DNSSEC option to see them.
  • id0.gr/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
  • id0.gr/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (20)
  • NSEC3 proving non-existence of id0.gr/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of id0.gr/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of id0.gr/TXT: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • NSEC3 proving non-existence of id0.gr/TXT: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of id0.gr/DS alg 7, id 7835: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG NSEC3 proving non-existence of id0.gr/DS alg 7, id 7835: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG gr/DNSKEY alg 7, id 35136: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG gr/DNSKEY alg 7, id 35136: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG gr/DNSKEY alg 7, id 35136: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG gr/DNSKEY alg 7, id 7835: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG gr/DNSKEY alg 7, id 7835: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG gr/DNSKEY alg 7, id 7835: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • RRSIG gr/SOA alg 7, id 7835: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
  • gr/DNSKEY (alg 7, id 33317): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. See RFC 6891, Sec. 6.2.6. (78.104.145.227, 139.91.191.3, UDP_-_EDNS0_4096_D_KN)
  • gr/DNSKEY (alg 7, id 35136): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. See RFC 6891, Sec. 6.2.6. (78.104.145.227, 139.91.191.3, UDP_-_EDNS0_4096_D_KN)
  • gr/DNSKEY (alg 7, id 7835): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. See RFC 6891, Sec. 6.2.6. (78.104.145.227, 139.91.191.3, UDP_-_EDNS0_4096_D_KN)
  • id0.gr/DNSKEY (alg 8, id 40112): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (45.54.76.1, 157.53.224.1, 2607:f740:e00a:deec::2, 2607:f740:e633:deec::2, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • id0.gr/DS has warnings; select the "Denial of existence" DNSSEC option to see them.
  • cnpxqv96k8.id0.gr/A has warnings; select the "Denial of existence" DNSSEC option to see them.
  • id0.gr/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph