lr | DNSViz

lr

Updated: 2024-06-13 07:35:37 UTC (18 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Secure (2)

lr/NS
lr/SOA

DNSKEY/DS/NSEC status

Secure (5)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 5613)
lr/DNSKEY (alg 8, id 29984)
lr/DNSKEY (alg 8, id 42940)
lr/DS (alg 8, id 29984)

Delegation status

Secure (1)

. to lr

Notices

Errors (3)

RRSIG lr/DNSKEY alg 8, id 29984: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
RRSIG lr/DNSKEY alg 8, id 29984: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
lr/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.

Warnings (1)

lr/SOA: No response was received from the server over UDP (tried 6 times) until the COOKIE EDNS option was removed (however, this server appeared to respond legitimately to other queries with the COOKIE EDNS option present). See RFC 6891, Sec. 6.1.2. (2001:418:1::39, UDP_-_EDNS0_4096_D_KN)

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

See also

DNSSEC Debugger by Verisign Labs.

Download: png | svg

Warning

JavaScript is required to make the graph below interactive.

DNSSEC authentication graph