View on GitHub

DNSViz: A DNS visualization tool

outlook-com.olc.protection.outlook.com

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
  8. |?|
  9. |?|
  10. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (15)
  • olc.protection.outlook.com/SOA
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/A
  • outlook-com.olc.protection.outlook.com/NS
  • outlook-com.olc.protection.outlook.com/SOA
  • outlook.com/SOA
  • outlook.com/SOA
  • outlook.com/SOA
  • outlook.com/SOA
Secure (2)
  • com/SOA
  • com/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (6)
  • ./DNSKEY (alg 8, id 20038)
  • ./DNSKEY (alg 8, id 20326)
  • NSEC3 proving non-existence of outlook.com/DS
  • com/DNSKEY (alg 13, id 19718)
  • com/DNSKEY (alg 13, id 59354)
  • com/DS (alg 13, id 19718)

Delegation statusDelegation status

Insecure (4)
  • com to outlook.com
  • olc.protection.outlook.com to outlook-com.olc.protection.outlook.com
  • outlook.com to protection.outlook.com
  • protection.outlook.com to olc.protection.outlook.com
Secure (1)
  • . to com

NoticesNotices

Errors (1)
  • protection.outlook.com to olc.protection.outlook.com: An SOA RR with owner name (olc.protection.outlook.com) not matching the zone name (protection.outlook.com) was returned with the NODATA response. See RFC 1034, Sec. 4.3.4, RFC 2308, Sec. 2.2. (104.47.2.8, 104.47.38.8, 104.47.40.8, 104.47.44.8, 104.47.124.8, UDP_-_EDNS0_4096_D_KN)
Warnings (3)
  • ./DNSKEY: The server appears to support DNS cookies but did not return a COOKIE option. See RFC 7873, Sec. 5.2.3. (2001:500:2f::f, UDP_-_EDNS0_512_D_KN)
  • com/DS (alg 13, id 19718): The server appears to support DNS cookies but did not return a COOKIE option. See RFC 7873, Sec. 5.2.3. (2001:500:2f::f, UDP_-_EDNS0_4096_D_KN)
  • com/DS (alg 13, id 19718): The server appears to support DNS cookies but did not return a COOKIE option. See RFC 7873, Sec. 5.2.3. (2001:500:2f::f, UDP_-_EDNS0_4096_D_KN)

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph