szn-broken-dnssec.cz

Updated: 2025-02-13 10:10:03 UTC (305 days ago) Update now

DNSSEC options (hide)

Notices

DNSSEC Authentication Chain

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 26470)
./DNSKEY (alg 8, id 38696)
cz/DNSKEY (alg 13, id 20237)
cz/DNSKEY (alg 13, id 27480)
cz/DS (alg 13, id 20237)
szn-broken-dnssec.cz/DS (alg 13, id 51575)

cz to szn-broken-dnssec.cz: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (77.75.74.80, 77.75.75.230, 2a02:598:3333::3, 2a02:598:4444::4, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
cz to szn-broken-dnssec.cz: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no DS RR matched a DNSKEY with algorithm 13 that signs the zone's DNSKEY RRset. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (77.75.74.80, 77.75.75.230, 2a02:598:3333::3, 2a02:598:4444::4, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
szn-broken-dnssec.cz/CDNSKEY: The CDNSKEY RRset must be signed with a key that is represented in both the current DNSKEY and the current DS RRset. See RFC 7344, Sec. 4.1.
szn-broken-dnssec.cz/CDS: The CDS RRset must be signed with a key that is represented in both the current DNSKEY and the current DS RRset. See RFC 7344, Sec. 4.1.

szn-broken-dnssec.cz/CDNSKEY: The contents of the DS RRset are inconsistent with those of the CDNSKEY RRset. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.
szn-broken-dnssec.cz/CDS: The contents of the DS RRset are inconsistent with those of the CDS RRset. See RFC 7344, Sec. 3, RFC 7344, Sec. 5.