View on GitHub

DNSViz: A DNS visualization tool

www.netflix.com

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Insecure (28)
  • amazonaws.com/SOA
  • amazonaws.com/SOA
  • dradis.netflix.com/SOA
  • dradis.netflix.com/SOA
  • dradis.netflix.com/SOA
  • dradis.netflix.com/SOA
  • dualstack.apiproxy-website-nlb-prod-1-5675d5ecda6efdd8.elb.eu-west-1.amazonaws.com/A
  • dualstack.apiproxy-website-nlb-prod-1-5675d5ecda6efdd8.elb.eu-west-1.amazonaws.com/AAAA
  • dualstack.apiproxy-website-nlb-prod-1-bcf28d21f4bbcf2c.elb.us-west-2.amazonaws.com/A
  • dualstack.apiproxy-website-nlb-prod-1-bcf28d21f4bbcf2c.elb.us-west-2.amazonaws.com/AAAA
  • dualstack.apiproxy-website-nlb-prod-2-b4de62b516adfbbf.elb.eu-west-1.amazonaws.com/A
  • dualstack.apiproxy-website-nlb-prod-2-b4de62b516adfbbf.elb.eu-west-1.amazonaws.com/AAAA
  • dualstack.apiproxy-website-nlb-prod-2-e98cb8cf33ff3581.elb.us-west-2.amazonaws.com/A
  • dualstack.apiproxy-website-nlb-prod-2-e98cb8cf33ff3581.elb.us-west-2.amazonaws.com/AAAA
  • dualstack.apiproxy-website-nlb-prod-3-ac110f6ae472b85a.elb.eu-west-1.amazonaws.com/A
  • dualstack.apiproxy-website-nlb-prod-3-ac110f6ae472b85a.elb.eu-west-1.amazonaws.com/AAAA
  • eu-west-1.amazonaws.com/SOA
  • internal.dradis.netflix.com/A (NXDOMAIN)
  • netflix.com/SOA
  • us-west-2.amazonaws.com/SOA
  • www.dradis.netflix.com/CNAME
  • www.dradis.netflix.com/CNAME
  • www.eu-west-1.internal.dradis.netflix.com/CNAME
  • www.eu-west-1.internal.dradis.netflix.com/CNAME
  • www.eu-west-1.internal.dradis.netflix.com/CNAME
  • www.netflix.com/CNAME
  • www.us-west-2.internal.dradis.netflix.com/CNAME
  • www.us-west-2.internal.dradis.netflix.com/CNAME
Secure (3)
  • com/SOA
  • com/SOA
  • com/SOA

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Secure (7)
  • ./DNSKEY (alg 8, id 20326)
  • ./DNSKEY (alg 8, id 26838)
  • NSEC3 proving non-existence of amazonaws.com/DS
  • NSEC3 proving non-existence of netflix.com/DS
  • com/DNSKEY (alg 8, id 30909)
  • com/DNSKEY (alg 8, id 39343)
  • com/DS (alg 8, id 30909)

Delegation statusDelegation status

Insecure (7)
  • amazonaws.com to eu-west-1.amazonaws.com
  • amazonaws.com to us-west-2.amazonaws.com
  • com to amazonaws.com
  • com to netflix.com
  • eu-west-1.amazonaws.com to elb.eu-west-1.amazonaws.com
  • netflix.com to dradis.netflix.com
  • us-west-2.amazonaws.com to elb.us-west-2.amazonaws.com
Secure (1)
  • . to com

NoticesNotices

Errors (5)
  • www.eu-west-1.internal.dradis.netflix.com/CNAME: A query for www.eu-west-1.internal.dradis.netflix.com results in a NOERROR response, while a query for its ancestor, internal.dradis.netflix.com, returns a name error (NXDOMAIN), which indicates that subdomains of internal.dradis.netflix.com, including www.eu-west-1.internal.dradis.netflix.com, don't exist. (2a00:86c0:2008::1, UDP_-_EDNS0_4096_D_KN)
  • www.eu-west-1.internal.dradis.netflix.com/CNAME: A query for www.eu-west-1.internal.dradis.netflix.com results in a NOERROR response, while a query for its ancestor, internal.dradis.netflix.com, returns a name error (NXDOMAIN), which indicates that subdomains of internal.dradis.netflix.com, including www.eu-west-1.internal.dradis.netflix.com, don't exist. (45.57.8.1, 2a00:86c0:2009::1, UDP_-_EDNS0_4096_D_KN)
  • www.eu-west-1.internal.dradis.netflix.com/CNAME: A query for www.eu-west-1.internal.dradis.netflix.com results in a NOERROR response, while a query for its ancestor, internal.dradis.netflix.com, returns a name error (NXDOMAIN), which indicates that subdomains of internal.dradis.netflix.com, including www.eu-west-1.internal.dradis.netflix.com, don't exist. (45.57.9.1, UDP_-_EDNS0_4096_D_KN)
  • www.us-west-2.internal.dradis.netflix.com/CNAME: A query for www.us-west-2.internal.dradis.netflix.com results in a NOERROR response, while a query for its ancestor, internal.dradis.netflix.com, returns a name error (NXDOMAIN), which indicates that subdomains of internal.dradis.netflix.com, including www.us-west-2.internal.dradis.netflix.com, don't exist. (45.57.8.1, UDP_-_EDNS0_4096_D_KN)
  • www.us-west-2.internal.dradis.netflix.com/CNAME: A query for www.us-west-2.internal.dradis.netflix.com results in a NOERROR response, while a query for its ancestor, internal.dradis.netflix.com, returns a name error (NXDOMAIN), which indicates that subdomains of internal.dradis.netflix.com, including www.us-west-2.internal.dradis.netflix.com, don't exist. (45.57.9.1, 2a00:86c0:2008::1, 2a00:86c0:2009::1, UDP_-_EDNS0_4096_D_KN)
Warnings (1)
  • com to netflix.com: Authoritative AAAA records exist for ns-81.awsdns-10.com, but there are no corresponding AAAA glue records.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph