tniad.mil.id

Updated: 2020-11-27 13:01:48 UTC (1252 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Bogus (3)

tniad.mil.id/A
tniad.mil.id/NS
tniad.mil.id/SOA

DNSKEY/DS/NSEC status

Secure (11)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 26116)
id/DNSKEY (alg 8, id 22449)
id/DNSKEY (alg 8, id 26887)
id/DS (alg 8, id 26887)
id/DS (alg 8, id 26887)
mil.id/DNSKEY (alg 10, id 23342)
mil.id/DNSKEY (alg 10, id 27192)
mil.id/DS (alg 10, id 27192)
mil.id/DS (alg 10, id 27192)
tniad.mil.id/DS (alg 13, id 11885)

Non_existent (1)

tniad.mil.id/DNSKEY (alg 13, id 11885)

Delegation status

Bogus (1)

mil.id to tniad.mil.id

Secure (2)

. to id
id to mil.id

Notices

Errors (12)

mil.id to tniad.mil.id: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (103.89.124.243, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
mil.id to tniad.mil.id: The DS RRset for the zone included algorithm 13 (ECDSAP256SHA256), but no DS RR matched a DNSKEY with algorithm 13 that signs the zone's DNSKEY RRset. (103.89.124.243, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
tniad.mil.id zone: The server(s) responded over TCP with a malformed response or with an invalid RCODE. (103.89.124.244)
tniad.mil.id zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (103.89.124.244)
tniad.mil.id/A: No RRSIG covering the RRset was returned in the response. (103.89.124.243, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/A: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/DNSKEY: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
tniad.mil.id/NS: No RRSIG covering the RRset was returned in the response. (103.89.124.243, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/NS: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/SOA: No RRSIG covering the RRset was returned in the response. (103.89.124.243, TCP_-_EDNS0_4096_D, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_4096_D_K_0x20)
tniad.mil.id/SOA: The response had an invalid RCODE (REFUSED). (103.89.124.244, TCP_-_EDNS0_4096_D)
tniad.mil.id/SOA: The response had an invalid RCODE (REFUSED). (103.89.124.244, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_4096_D_K_0x20)

Warnings (18)

RRSIG mil.id/DNSKEY alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 27192: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG mil.id/DNSKEY alg 10, id 27192: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG tniad.mil.id/DS alg 10, id 23342: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
id/DNSKEY: The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_512_D_K)
id/DS (alg 8, id 26887): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
id/DS (alg 8, id 26887): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
id/DS (alg 8, id 26887): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
id/DS (alg 8, id 26887): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
mil.id/DNSKEY (alg 10, id 23342): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)
mil.id/DNSKEY (alg 10, id 27192): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)
mil.id/DS (alg 10, id 27192): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
mil.id/DS (alg 10, id 27192): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
mil.id/DS (alg 10, id 27192): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
mil.id/DS (alg 10, id 27192): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
tniad.mil.id/DS (alg 13, id 11885): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)
tniad.mil.id/DS (alg 13, id 11885): The server appears to support DNS cookies but did not return a COOKIE option. (45.126.57.57, UDP_-_EDNS0_4096_D_K)

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

tniad.mil.id

RRset status

Bogus (3)

DNSKEY/DS/NSEC status

Secure (11)

Non_existent (1)

Delegation status

Bogus (1)

Secure (2)

Notices

Errors (12)

Warnings (18)

DNSKEY legend

See also