View on GitHub

DNSViz: A DNS visualization tool

sftp.ess.eu

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (6)
  • ess.eu/SOA
  • ess.eu/SOA
  • it-pub-rproxy.ess.eu/A
  • it-pub-rproxy.ess.eu/AAAA (NODATA)
  • it-pub-rproxy.ess.eu/TXT (NODATA)
  • sftp.ess.eu/CNAME
Secure (1)
  • eu/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Insecure (4)
  • NSEC proving non-existence of it-pub-rproxy.ess.eu/AAAA
  • NSEC proving non-existence of it-pub-rproxy.ess.eu/TXT
  • ess.eu/DNSKEY (alg 8, id 29545)
  • ess.eu/DNSKEY (alg 8, id 52338)
Secure (6)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 60955)
  • NSEC3 proving non-existence of ess.eu/DS
  • eu/DNSKEY (alg 8, id 19371)
  • eu/DNSKEY (alg 8, id 35926)
  • eu/DS (alg 8, id 35926)

Delegation statusDelegation status

Insecure (1)
  • eu to ess.eu
Secure (1)
  • . to eu

NoticesNotices

Errors (15)
  • ess.eu zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (193.11.102.24)
  • ess.eu/DNSKEY (alg 8, id 52338): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (194.47.240.197, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • ess.eu/DNSKEY: The response had an invalid RCODE (REFUSED). (193.11.102.24, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • ess.eu/SOA: No RRSIG covering the RRset was returned in the response. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • eu zone: The server(s) were not responsive to queries over UDP. (2001:978:2:1::93:2)
  • it-pub-rproxy.ess.eu/A: No RRSIG covering the RRset was returned in the response. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/A: The response had an invalid RCODE (REFUSED). (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/AAAA (NODATA): No NSEC RR(s) were returned to validate the NODATA response. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/AAAA: The response had an invalid RCODE (REFUSED). (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/TXT (NODATA): No NSEC RR(s) were returned to validate the NODATA response. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • it-pub-rproxy.ess.eu/TXT: The response had an invalid RCODE (REFUSED). (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/A: The response had an invalid RCODE (REFUSED). (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/AAAA: The response had an invalid RCODE (REFUSED). (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/CNAME: No RRSIG covering the RRset was returned in the response. (194.47.240.197, UDP_-_EDNS0_4096_D_KN)
  • sftp.ess.eu/TXT: The response had an invalid RCODE (REFUSED). (193.11.102.24, UDP_-_EDNS0_4096_D_KN)
Warnings (2)
  • ess.eu/DNSKEY (alg 8, id 29545): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (194.47.240.197, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
  • eu to ess.eu: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the eu zone): ns2.esss.se

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph