www.ipn.mx

Updated: 2023-06-28 13:37:24 UTC (512 days ago) Update now

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Insecure (2)

ipn.mx/A
www.ipn.mx/CNAME

Secure (2)

mx/SOA
mx/SOA

DNSKEY/DS/NSEC status

Insecure (2)

ipn.mx/DNSKEY (alg 10, id 57728)
ipn.mx/DNSKEY (alg 10, id 65049)

Secure (7)

./DNSKEY (alg 8, id 11019)
./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 60955)
NSEC3 proving non-existence of ipn.mx/DS
mx/DNSKEY (alg 8, id 39000)
mx/DNSKEY (alg 8, id 61885)
mx/DS (alg 8, id 61885)

Non_existent (1)

www.ipn.mx/DNSKEY (alg 7, id 60830)

Delegation status

Insecure (1)

mx to ipn.mx

Secure (1)

. to mx

Notices

Errors (8)

NSEC3 proving non-existence of ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of ipn.mx/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
RRSIG www.ipn.mx/CNAME alg 7, id 60830: The Signer's Name field of the RRSIG RR (www.ipn.mx) does not match the name of the zone containing the RRset (ipn.mx). See RFC 4035, Sec. 5.3.1.
RRSIG www.ipn.mx/CNAME alg 7, id 60830: The Signer's Name field of the RRSIG RR (www.ipn.mx) does not match the name of the zone containing the RRset (ipn.mx). See RFC 4035, Sec. 5.3.1.
RRSIG www.ipn.mx/CNAME alg 7, id 60830: The Signer's Name field of the RRSIG RR (www.ipn.mx) does not match the name of the zone containing the RRset (ipn.mx). See RFC 4035, Sec. 5.3.1.
www.ipn.mx/CNAME: The DNSKEY RRset for the zone included algorithm 10 (RSASHA512), but no RRSIG with algorithm 10 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (148.204.103.2, 148.204.198.2, 148.204.235.2, UDP_-_EDNS0_4096_D_KN)
ipn.mx/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
www.ipn.mx/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.

Warnings (22)

NSEC3 proving non-existence of ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of ipn.mx/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
RRSIG ipn.mx/A alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/A alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/A alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 57728: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG ipn.mx/DNSKEY alg 10, id 65049: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG www.ipn.mx/CNAME alg 7, id 60830: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG www.ipn.mx/CNAME alg 7, id 60830: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG www.ipn.mx/CNAME alg 7, id 60830: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
ipn.mx/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.
www.ipn.mx/AAAA has warnings; select the "Denial of existence" DNSSEC option to see them.

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

www.ipn.mx

RRset status

Insecure (2)

Secure (2)

DNSKEY/DS/NSEC status

Insecure (2)

Secure (7)

Non_existent (1)

Delegation status

Insecure (1)

Secure (1)

Notices

Errors (8)

Warnings (22)

DNSKEY legend

See also