View on GitHub

DNSViz: A DNS visualization tool

www.moea.gov.tw

Updated: 2020-07-17 09:42:16 UTC (548 days ago) Update now
« Previous analysis | Next analysis »
DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (4)
  • hinet.net/SOA
  • www-moea.cdn.hinet.net/A
  • www-moea.cdn.hinet.net/A
  • www-moea.cdn.hinet.net/A
Secure (3)
  • net/SOA
  • net/SOA
  • www.moea.gov.tw/CNAME

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (18)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 46594)
  • NSEC3 proving non-existence of hinet.net/DS
  • gov.tw/DNSKEY (alg 8, id 19435)
  • gov.tw/DNSKEY (alg 8, id 43578)
  • gov.tw/DNSKEY (alg 8, id 60108)
  • gov.tw/DS (alg 8, id 19435)
  • gov.tw/DS (alg 8, id 514)
  • moea.gov.tw/DNSKEY (alg 8, id 14572)
  • moea.gov.tw/DNSKEY (alg 8, id 62844)
  • moea.gov.tw/DS (alg 8, id 14572)
  • net/DNSKEY (alg 8, id 35886)
  • net/DNSKEY (alg 8, id 36059)
  • net/DNSKEY (alg 8, id 56519)
  • net/DS (alg 8, id 35886)
  • tw/DNSKEY (alg 8, id 40792)
  • tw/DNSKEY (alg 8, id 58611)
  • tw/DS (alg 8, id 40792)
Non_existent (1)
  • gov.tw/DNSKEY (alg 8, id 514)

Delegation statusDelegation status

Insecure (2)
  • hinet.net to cdn.hinet.net
  • net to hinet.net
Secure (4)
  • . to net
  • . to tw
  • gov.tw to moea.gov.tw
  • tw to gov.tw

NoticesNotices

Errors (1)
  • hinet.net zone: The server(s) responded over TCP with a malformed response or with an invalid RCODE. (2001:b000:168::2:100:1)
Warnings (4)
  • gov.tw to moea.gov.tw: AAAA glue records exist for gdns.moea.gov.tw, but there are no corresponding authoritative AAAA records.
  • moea.gov.tw/DNSKEY: The server responded with no OPT record, rather than with RCODE FORMERR. (163.29.193.99, 210.69.121.99, 2001:4420:6003:1200::99, 2001:4420:702c:1200::99, UDP_-_EDNS0_512_D_K)
  • tw/DNSKEY (alg 8, id 40792): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2001:b020:0:77::1, UDP_-_EDNS0_4096_D_K)
  • tw/DNSKEY (alg 8, id 58611): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2001:b020:0:77::1, UDP_-_EDNS0_4096_D_K)

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph