mailfence.com

Updated: 2020-12-24 04:57:52 UTC (1374 days ago) Go to most recent »

DNSSEC options (hide)

Notices

DNSSEC Authentication Chain

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 26116)
./DNSKEY (alg 8, id 42351)
com/DNSKEY (alg 8, id 30909)
com/DNSKEY (alg 8, id 31510)
com/DS (alg 8, id 30909)
mailfence.com/DNSKEY (alg 8, id 31485)
mailfence.com/DNSKEY (alg 8, id 952)
mailfence.com/DS (alg 8, id 952)
mailfence.com/DS (alg 8, id 952)

RRSIG mailfence.com/MX alg 8, id 31485: With a TTL of 1209600 the RRSIG RR can be in the cache of a non-validating resolver until 6 days after it expires at 2020-12-31 22:34:12+00:00. See RFC 4035, Sec. 5.3.3.
ecd0l617xm.mailfence.com/A has errors; select the "Denial of existence" DNSSEC option to see them.
mailfence.com/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
mailfence.com/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.

mailfence.com/DS (alg 8, id 952): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
mailfence.com/DS (alg 8, id 952): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
mailfence.com/DS (alg 8, id 952): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
mailfence.com/DS (alg 8, id 952): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
ecd0l617xm.mailfence.com/A has warnings; select the "Denial of existence" DNSSEC option to see them.
mailfence.com/AAAA has warnings; select the "Denial of existence" DNSSEC option to see them.
mailfence.com/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.