insecure.mufj.jp
Updated:
2020-11-03 11:38:29 UTC (1330 days ago)
Go to most recent »
Notices
DNSSEC Authentication Chain
RRset status
Insecure (2)
- insecure.mufj.jp/CNAME
- www.e-ontap.com/A
Secure (3)
- com/SOA
- com/SOA
- mufj.jp/SOA
DNSKEY/DS/NSEC status
Secure (13)
- ./DNSKEY (alg 8, id 20326)
- ./DNSKEY (alg 8, id 26116)
- NSEC3 proving non-existence of e-ontap.com/DS
- NSEC3 proving non-existence of insecure.mufj.jp/DS
- com/DNSKEY (alg 8, id 30909)
- com/DNSKEY (alg 8, id 31510)
- com/DS (alg 8, id 30909)
- jp/DNSKEY (alg 8, id 39595)
- jp/DNSKEY (alg 8, id 63825)
- jp/DS (alg 8, id 39595)
- mufj.jp/DNSKEY (alg 7, id 19682)
- mufj.jp/DNSKEY (alg 7, id 60678)
- mufj.jp/DS (alg 7, id 60678)
Non_existent (1)
- mufj.jp/DNSKEY (alg 13, id 18023)
Delegation status
Insecure (2)
- com to e-ontap.com
- mufj.jp to insecure.mufj.jp
Secure (3)
- . to com
- . to jp
- jp to mufj.jp
Notices
Errors (15)
- NSEC3 proving non-existence of insecure.mufj.jp/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
- NSEC3 proving non-existence of insecure.mufj.jp/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
- RRSIG insecure.mufj.jp/CNAME alg 13, id 18023: The Signer's Name field of the RRSIG RR (mufj.jp) does not match the name of the zone containing the RRset (insecure.mufj.jp). See RFC 4035, Sec. 5.3.1.
- e-ontap.com zone: The following NS name(s) did not resolve to address(es): fake.tkix.net
- mufj.jp/DS (alg 7, id 60678): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
- mufj.jp/DS (alg 7, id 60678): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
- insecure.mufj.jp/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/DS has errors; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/SOA has errors; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/MX has errors; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/TXT has errors; select the "Denial of existence" DNSSEC option to see them.
- tb6ikxp1jy.insecure.mufj.jp/A has errors; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/NS has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (11)
- NSEC3 proving non-existence of insecure.mufj.jp/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
- NSEC3 proving non-existence of insecure.mufj.jp/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
- RRSIG NSEC3 proving non-existence of insecure.mufj.jp/DS alg 7, id 19682: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG mufj.jp/DNSKEY alg 7, id 60678: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG mufj.jp/DNSKEY alg 7, id 60678: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG mufj.jp/SOA alg 7, id 19682: DNSSEC specification recommends not signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- com to e-ontap.com: The following NS name(s) were found in the delegation NS RRset (i.e., in the com zone), but not in the authoritative NS RRset: fake.tkix.net See RFC 1034, Sec. 4.2.2.
- mufj.jp to insecure.mufj.jp: The following NS name(s) were found in the delegation NS RRset (i.e., in the mufj.jp zone), but not in the authoritative NS RRset: ns3.mufj.jp See RFC 1034, Sec. 4.2.2.
- www.e-ontap.com/A: The server responded with no OPT record, rather than with RCODE FORMERR. See RFC 6891, Sec. 7. (14.192.44.1, 49.212.106.253, UDP_-_EDNS0_4096_D_K)
- tb6ikxp1jy.insecure.mufj.jp/A has warnings; select the "Denial of existence" DNSSEC option to see them.
- insecure.mufj.jp/DS has warnings; select the "Denial of existence" DNSSEC option to see them.
JavaScript is required to make the graph below interactive.
