patrikhall.com

Updated: 2023-01-10 10:57:53 UTC (682 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Secure (5)

patrikhall.com/A
patrikhall.com/MX
patrikhall.com/NS
patrikhall.com/SOA
patrikhall.com/TXT

DNSKEY/DS/NSEC status

Secure (14)

./DNSKEY (alg 8, id 18733)
./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 951)
com/DNSKEY (alg 8, id 30909)
com/DNSKEY (alg 8, id 53929)
com/DS (alg 8, id 30909)
patrikhall.com/DNSKEY (alg 14, id 12925)
patrikhall.com/DNSKEY (alg 14, id 2236)
patrikhall.com/DNSKEY (alg 14, id 49174)
patrikhall.com/DNSKEY (alg 14, id 65105)
patrikhall.com/DS (alg 14, id 12925)
patrikhall.com/DS (alg 14, id 12925)
patrikhall.com/DS (alg 14, id 2236)
patrikhall.com/DS (alg 14, id 2236)

Delegation status

Secure (2)

. to com
com to patrikhall.com

Notices

Warnings (10)

com/DS (alg 8, id 30909): No response was received from the server over UDP (tried 6 times) until the COOKIE EDNS option was removed (however, this server appeared to respond legitimately to other queries with the COOKIE EDNS option present). See RFC 6891, Sec. 6.1.2. (192.228.79.201, 199.9.14.201, UDP_-_EDNS0_4096_D_KN)
com/DS (alg 8, id 30909): No response was received from the server over UDP (tried 6 times) until the COOKIE EDNS option was removed (however, this server appeared to respond legitimately to other queries with the COOKIE EDNS option present). See RFC 6891, Sec. 6.1.2. (192.228.79.201, 199.9.14.201, UDP_-_EDNS0_4096_D_KN)
patrikhall.com/DS (alg 14, id 12925): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
patrikhall.com/DS (alg 14, id 12925): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
patrikhall.com/DS (alg 14, id 12925): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
patrikhall.com/DS (alg 14, id 12925): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
patrikhall.com/DS (alg 14, id 2236): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
patrikhall.com/DS (alg 14, id 2236): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
patrikhall.com/DS (alg 14, id 2236): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
patrikhall.com/DS (alg 14, id 2236): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.