View on GitHub

DNSViz: A DNS visualization tool

nic.hsbc

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Bogus (4)
  • nic.hsbc/A
  • nic.hsbc/NS
  • nic.hsbc/NSEC3PARAM
  • nic.hsbc/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Bogus (4)
  • nic.hsbc/DNSKEY (alg 8, id 47620)
  • nic.hsbc/DNSKEY (alg 8, id 6633)
  • nic.hsbc/DS (alg 8, id 47620)
  • nic.hsbc/DS (alg 8, id 47620)
Secure (4)
  • ./DNSKEY (alg 8, id 14748)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 26838)
  • hsbc/DS (alg 8, id 862)
Non_existent (2)
  • hsbc/DNSKEY (alg 8, id 4470)
  • hsbc/DNSKEY (alg 8, id 862)

Delegation statusDelegation status

Bogus (1)
  • . to hsbc
Secure (1)
  • hsbc to nic.hsbc

NoticesNotices

Errors (3)
  • . to hsbc: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone.
  • hsbc zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (156.154.144.76, 156.154.145.76, 156.154.156.76, 156.154.157.76, 156.154.158.76, 156.154.159.76, 2610:a1:1071::4c, 2610:a1:1072::4c, 2610:a1:1073::4c, 2610:a1:1074::4c, 2610:a1:1075::4c, 2610:a1:1076::4c)
  • hsbc/DNSKEY: The response had an invalid RCODE (SERVFAIL). (156.154.144.76, 156.154.145.76, 156.154.156.76, 156.154.157.76, 156.154.158.76, 156.154.159.76, 2610:a1:1071::4c, 2610:a1:1072::4c, 2610:a1:1073::4c, 2610:a1:1074::4c, 2610:a1:1075::4c, 2610:a1:1076::4c, UDP_-_EDNS0_512_D_KN, UDP_-_NOEDNS_)
Warnings (10)
  • hsbc/DS (alg 8, id 862): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • hsbc/DS (alg 8, id 862): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • hsbc/DS (alg 8, id 862): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • hsbc/DS (alg 8, id 862): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • hsbc/DS (alg 8, id 862): The server appears to support DNS cookies but did not return a COOKIE option. (193.0.14.129, UDP_-_EDNS0_4096_D_KN)
  • hsbc/DS (alg 8, id 862): The server appears to support DNS cookies but did not return a COOKIE option. (193.0.14.129, UDP_-_EDNS0_4096_D_KN)
  • nic.hsbc/DS (alg 8, id 47620): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • nic.hsbc/DS (alg 8, id 47620): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
  • nic.hsbc/DS (alg 8, id 47620): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • nic.hsbc/DS (alg 8, id 47620): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph