{
"xarf_version": "4.0.0",
"report_id": "y5z6a7b8-c9d0-1234-yz56-78901xy23456",
"timestamp": "2024-01-15T13:30:15Z",
"reporter": {
"org": "DNSSEC Monitoring Service",
"contact": "dnssec@domainmonitor.org",
"domain": "domainmonitor.org"
},
"sender": {
"org": "DNSSEC Monitoring Service",
"contact": "dnssec@domainmonitor.org",
"domain": "domainmonitor.org"
},
"source_identifier": "203.0.113.200",
"source_port": 53,
"type": "outdated_dnssec",
"evidence_source": "vulnerability_scan",
"service": "bind",
"service_version": "BIND 9.11.4",
"domain": "example-domain.com",
"dnssec_status": "signed_but_outdated",
"key_algorithm": "RSASHA1",
"key_size": 1024,
"signature_expiration": "2023-12-15T00:00:00Z",
"days_expired": 31,
"recommended_algorithm": "RSASHA256",
"recommended_key_size": 2048,
"security_risk": "signature_replay_attack",
"evidence": [
{
"content_type": "text/plain",
"description": "DNSSEC validation results showing outdated signatures",
"payload": "RE5TU0VDIHNpZ25hdHVyZSBleHBpcmVkOiAzMSBkYXlzIG92ZXJkdWU="
}
],
"tags": [
"dnssec:expired",
"algorithm:weak",
"risk:replay_attack"
],
"_internal": {
"source_system": "dnssec_monitoring_service_v8.6",
"transmission_id": "dnssec_audit_20240115_y5z6a7b8",
"parser_confidence": 0.92,
"validation_score": 0.88,
"data_quality_flags": [
"signature_verified",
"expiry_confirmed",
"algorithm_analyzed"
],
"response_time_ms": 1400,
"false_positive_probability": 0.04,
"review_required": true,
"custom": {
"zone_type": "authoritative",
"registrar_notified": false,
"dns_operator": "self_managed",
"remediation_timeline": "7_days",
"security_incident": false,
"compliance_impact": "moderate"
}
},
"category": "vulnerability"
}