libreswan.org
Updated:
2020-09-11 13:30:07 UTC (5 years ago)
Go to most recent »
Notices
DNSSEC Authentication Chain
RRset status
Bogus (4)
- libreswan.org/A
- libreswan.org/AAAA
- libreswan.org/NS
- libreswan.org/TXT
Secure (2)
- libreswan.org/MX
- libreswan.org/SOA
DNSKEY/DS/NSEC status
Secure (11)
- ./DNSKEY (alg 8, id 20326)
- ./DNSKEY (alg 8, id 46594)
- libreswan.org/DNSKEY (alg 8, id 2644)
- libreswan.org/DNSKEY (alg 8, id 28179)
- libreswan.org/DS (alg 8, id 15232)
- libreswan.org/DS (alg 8, id 2644)
- org/DNSKEY (alg 7, id 17883)
- org/DNSKEY (alg 7, id 22064)
- org/DNSKEY (alg 7, id 3197)
- org/DS (alg 7, id 17883)
- org/DS (alg 7, id 17883)
Non_existent (1)
- libreswan.org/DNSKEY (alg 8, id 15232)
Delegation status
Secure (2)
- . to org
- org to libreswan.org
Notices
Errors (6)
- RRSIG libreswan.org/A alg 8, id 28179: The Signature Expiration field of the RRSIG RR (2020-09-11 13:24:51+00:00) is 5 minutes in the past. See RFC 4035, Sec. 5.3.1.
- RRSIG libreswan.org/AAAA alg 8, id 28179: The Signature Expiration field of the RRSIG RR (2020-09-09 19:31:01+00:00) is 1 day in the past. See RFC 4035, Sec. 5.3.1.
- RRSIG libreswan.org/NS alg 8, id 28179: The Signature Expiration field of the RRSIG RR (2020-09-11 10:41:34+00:00) is 2 hours, 48 minutes in the past. See RFC 4035, Sec. 5.3.1.
- RRSIG libreswan.org/TXT alg 8, id 28179: The Signature Expiration field of the RRSIG RR (2020-09-10 20:58:06+00:00) is 16 hours, 32 minutes in the past. See RFC 4035, Sec. 5.3.1.
- qhvan357p4.libreswan.org/A has errors; select the "Denial of existence" DNSSEC option to see them.
- libreswan.org/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (14)
- RRSIG libreswan.org/DS alg 7, id 22064: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG libreswan.org/DS alg 7, id 22064: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG org/DNSKEY alg 7, id 17883: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG org/DNSKEY alg 7, id 17883: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG org/DNSKEY alg 7, id 17883: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG org/DNSKEY alg 7, id 22064: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG org/DNSKEY alg 7, id 22064: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- RRSIG org/DNSKEY alg 7, id 22064: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
- org/DS (alg 7, id 17883): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
- org/DS (alg 7, id 17883): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
- org/DS (alg 7, id 17883): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
- org/DS (alg 7, id 17883): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
- qhvan357p4.libreswan.org/A has warnings; select the "Denial of existence" DNSSEC option to see them.
- libreswan.org/DS has warnings; select the "Denial of existence" DNSSEC option to see them.
JavaScript is required to make the graph below interactive.
