www.catch-22.co.nz

Updated: 2021-03-07 08:35:36 UTC (1156 days ago) Update now

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Secure (1)

co.nz/SOA

DNSKEY/DS/NSEC status

Secure (19)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 42351)
NSEC3 proving non-existence of catch-22.co.nz/DS
co.nz/DNSKEY (alg 8, id 12085)
co.nz/DNSKEY (alg 8, id 14701)
co.nz/DNSKEY (alg 8, id 17230)
co.nz/DNSKEY (alg 8, id 42666)
co.nz/DS (alg 8, id 14701)
co.nz/DS (alg 8, id 14701)
co.nz/DS (alg 8, id 17230)
co.nz/DS (alg 8, id 17230)
nz/DNSKEY (alg 8, id 1324)
nz/DNSKEY (alg 8, id 17580)
nz/DNSKEY (alg 8, id 25234)
nz/DNSKEY (alg 8, id 60744)
nz/DS (alg 8, id 1324)
nz/DS (alg 8, id 1324)
nz/DS (alg 8, id 25234)
nz/DS (alg 8, id 25234)

Delegation status

Lame (1)

co.nz to catch-22.co.nz

Secure (2)

. to nz
nz to co.nz

Notices

Errors (4)

catch-22.co.nz zone: The server(s) responded over UDP with a malformed response or with an invalid RCODE. (45.113.8.216, 50.116.13.108, 103.250.232.100, 172.104.48.23)
catch-22.co.nz/DNSKEY: The response had an invalid RCODE (SERVFAIL). (45.113.8.216, 50.116.13.108, 103.250.232.100, 172.104.48.23, UDP_-_EDNS0_512_D_KN, UDP_-_NOEDNS_)
www.catch-22.co.nz/A: The response had an invalid RCODE (SERVFAIL). (45.113.8.216, 50.116.13.108, 103.250.232.100, 172.104.48.23, UDP_-_NOEDNS_)
www.catch-22.co.nz/AAAA: The response had an invalid RCODE (SERVFAIL). (45.113.8.216, 50.116.13.108, 103.250.232.100, 172.104.48.23, UDP_-_NOEDNS_)

Warnings (16)

co.nz/DS (alg 8, id 14701): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
co.nz/DS (alg 8, id 14701): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
co.nz/DS (alg 8, id 14701): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
co.nz/DS (alg 8, id 14701): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
co.nz/DS (alg 8, id 17230): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
co.nz/DS (alg 8, id 17230): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
co.nz/DS (alg 8, id 17230): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
co.nz/DS (alg 8, id 17230): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
nz/DS (alg 8, id 1324): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
nz/DS (alg 8, id 1324): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
nz/DS (alg 8, id 1324): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
nz/DS (alg 8, id 1324): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
nz/DS (alg 8, id 25234): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
nz/DS (alg 8, id 25234): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
nz/DS (alg 8, id 25234): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
nz/DS (alg 8, id 25234): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.