View on GitHub

DNSViz: A DNS visualization tool

idpcafe.usp.br

Updated: 2025-12-26 15:23:56 UTC (3 days ago) Update now
« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
  8. |?|
  9. |?|
  10. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (4)
  • idp.a.lb.dns.usp.br/A
  • idp.a.lb.dns.usp.br/A
  • idp.a.lb.dns.usp.br/AAAA
  • idp.a.lb.dns.usp.br/AAAA
Secure (2)
  • idpcafe.usp.br/CNAME
  • lb.dns.usp.br/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Insecure (2)
  • a.lb.dns.usp.br/DNSKEY (alg 10, id 46760)
  • a.lb.dns.usp.br/DNSKEY (alg 10, id 64347)
Secure (19)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 21831)
  • ./DNSKEY (alg 8, id 38696)
  • ./DNSKEY (alg 8, id 61809)
  • NSEC3 proving non-existence of a.lb.dns.usp.br/DS
  • br/DNSKEY (alg 13, id 38298)
  • br/DNSKEY (alg 13, id 56618)
  • br/DS (alg 13, id 38298)
  • dns.usp.br/DNSKEY (alg 14, id 40524)
  • dns.usp.br/DNSKEY (alg 14, id 47496)
  • dns.usp.br/DS (alg 14, id 40524)
  • dns.usp.br/DS (alg 14, id 62973)
  • lb.dns.usp.br/DNSKEY (alg 14, id 214)
  • lb.dns.usp.br/DNSKEY (alg 14, id 43980)
  • lb.dns.usp.br/DS (alg 14, id 39866)
  • lb.dns.usp.br/DS (alg 14, id 43980)
  • usp.br/DNSKEY (alg 14, id 23907)
  • usp.br/DNSKEY (alg 14, id 65225)
  • usp.br/DS (alg 14, id 23907)
Non_existent (2)
  • dns.usp.br/DNSKEY (alg 14, id 62973)
  • lb.dns.usp.br/DNSKEY (alg 14, id 39866)

Delegation statusDelegation status

Insecure (1)
  • lb.dns.usp.br to a.lb.dns.usp.br
Secure (4)
  • . to br
  • br to usp.br
  • dns.usp.br to lb.dns.usp.br
  • usp.br to dns.usp.br

NoticesNotices

Errors (8)
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: The Signature Expiration field of the RRSIG RR (2025-12-10 18:26:38+00:00) is 15 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: The Signature Expiration field of the RRSIG RR (2025-12-10 18:26:38+00:00) is 15 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: The Signature Expiration field of the RRSIG RR (2025-12-13 21:27:39+00:00) is 12 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: The Signature Expiration field of the RRSIG RR (2025-12-13 21:27:39+00:00) is 12 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: The Signature Expiration field of the RRSIG RR (2025-12-10 18:26:38+00:00) is 15 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: The Signature Expiration field of the RRSIG RR (2025-12-10 18:26:38+00:00) is 15 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: The Signature Expiration field of the RRSIG RR (2025-12-13 21:27:39+00:00) is 12 days in the past. See RFC 4035, Sec. 5.3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: The Signature Expiration field of the RRSIG RR (2025-12-13 21:27:39+00:00) is 12 days in the past. See RFC 4035, Sec. 5.3.1.
Warnings (14)
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG a.lb.dns.usp.br/DNSKEY alg 10, id 64347: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG idp.a.lb.dns.usp.br/A alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG idp.a.lb.dns.usp.br/A alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG idp.a.lb.dns.usp.br/AAAA alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • RRSIG idp.a.lb.dns.usp.br/AAAA alg 10, id 46760: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
  • a.lb.dns.usp.br/DNSKEY: The Authoritative Answer (AA) flag was not set in the response. See RFC 1035, Sec. 4.1.1. (200.144.248.200, 200.144.249.200, UDP_-_EDNS0_512_D_KN)
  • a.lb.dns.usp.br/DNSKEY: The server responded with no OPT record, rather than with RCODE FORMERR. See RFC 6891, Sec. 7. (200.144.248.200, 200.144.249.200, UDP_-_EDNS0_512_D_KN)

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph