View on GitHub

DNSViz: A DNS visualization tool

sftp.ess.eu

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
  8. |?|
  9. |?|
  10. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (6)
  • ess.eu/SOA
  • ess.eu/SOA
  • it-pub-rproxy.ess.eu/A
  • it-pub-rproxy.ess.eu/AAAA (NODATA)
  • it-pub-rproxy.ess.eu/TXT (NODATA)
  • sftp.ess.eu/CNAME
Secure (1)
  • eu/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Insecure (4)
  • NSEC proving non-existence of it-pub-rproxy.ess.eu/AAAA
  • NSEC proving non-existence of it-pub-rproxy.ess.eu/TXT
  • ess.eu/DNSKEY (alg 8, id 29545)
  • ess.eu/DNSKEY (alg 8, id 52338)
Secure (6)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 60955)
  • NSEC3 proving non-existence of ess.eu/DS
  • eu/DNSKEY (alg 8, id 19371)
  • eu/DNSKEY (alg 8, id 35926)
  • eu/DS (alg 8, id 35926)

Delegation statusDelegation status

Insecure (1)
  • eu to ess.eu
Secure (1)
  • . to eu

NoticesNotices

Errors (20)
  • RRSIG it-pub-rproxy.ess.eu/A alg 8, id 52338: The TTL of the RRset (10800) exceeds the value of the Original TTL field of the RRSIG RR covering it (3600). See RFC 4035, Sec. 2.2.
  • RRSIG sftp.ess.eu/CNAME alg 8, id 52338: The TTL of the RRset (10800) exceeds the value of the Original TTL field of the RRSIG RR covering it (3600). See RFC 4035, Sec. 2.2.
  • RRSIG sftp.ess.eu/CNAME alg 8, id 52338: The TTL of the RRset (10800) exceeds the value of the Original TTL field of the RRSIG RR covering it (3600). See RFC 4035, Sec. 2.2.
  • RRSIG sftp.ess.eu/CNAME alg 8, id 52338: The TTL of the RRset (10800) exceeds the value of the Original TTL field of the RRSIG RR covering it (3600). See RFC 4035, Sec. 2.2.
  • ess.eu zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. See RFC 1035, Sec. 4.1.1. (193.11.102.24)
  • ess.eu/DNSKEY (alg 8, id 52338): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (194.47.240.197, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • ess.eu/DNSKEY: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (193.11.102.24, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • ess.eu/SOA: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • eu zone: The server(s) were not responsive to queries over UDP. See RFC 1035, Sec. 4.2. (2001:978:2:1::93:2)
  • it-pub-rproxy.ess.eu/A: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/A: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/AAAA (NODATA): No NSEC RR(s) were returned to validate the NODATA response. See RFC 4035, Sec. 3.1.3.1, RFC 5155, Sec. 7.2.3, RFC 5155, Sec. 7.2.4. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/AAAA: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/TXT (NODATA): No NSEC RR(s) were returned to validate the NODATA response. See RFC 4035, Sec. 3.1.3.1, RFC 5155, Sec. 7.2.3, RFC 5155, Sec. 7.2.4. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/TXT: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/A: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/AAAA: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/CNAME: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/TXT: The response had an invalid RCODE (REFUSED). See RFC 1035, Sec. 4.1.1. (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • ess.eu/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (2)
  • ess.eu/DNSKEY (alg 8, id 29545): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (194.47.240.197, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • eu to ess.eu: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the eu zone): ns2.esss.se See RFC 1034, Sec. 4.2.2.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph