View on GitHub

DNSViz: A DNS visualization tool

cia.gov

DNSSEC options (hide)
  1. |?|
  2. |?|
  3. |?|
  4. |?|
  5. |?|
  6. |?|
  7. |?|
Notices
DNSSEC Authentication Chain

RRset statusRRset status

Bogus (16)
  • cia.gov/A
  • cia.gov/A
  • cia.gov/A
  • cia.gov/A
  • cia.gov/A
  • cia.gov/A
  • cia.gov/AAAA
  • cia.gov/AAAA
  • cia.gov/AAAA
  • cia.gov/AAAA
  • cia.gov/AAAA
  • cia.gov/AAAA
  • cia.gov/MX
  • cia.gov/NS
  • cia.gov/SOA
  • cia.gov/TXT

DNSKEY/DS/NSEC statusDNSKEY/DS/NSEC status

Bogus (3)
  • cia.gov/DNSKEY (alg 8, id 16440)
  • cia.gov/DNSKEY (alg 8, id 55444)
  • cia.gov/DNSKEY (alg 8, id 55479)
Secure (7)
  • ./DNSKEY (alg 8, id 19036)
  • ./DNSKEY (alg 8, id 61045)
  • cia.gov/DS (alg 8, id 22462)
  • cia.gov/DS (alg 8, id 55444)
  • gov/DNSKEY (alg 8, id 28127)
  • gov/DNSKEY (alg 8, id 7698)
  • gov/DS (alg 8, id 7698)
Non_existent (1)
  • cia.gov/DNSKEY (alg 8, id 22462)

Delegation statusDelegation status

Bogus (1)
  • gov to cia.gov
Secure (1)
  • . to gov

NoticesNotices

Errors (1)
  • gov to cia.gov: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (2.22.230.65, 23.211.61.66, 23.211.132.67, 96.7.49.64, 184.26.160.65, 193.108.91.22, 2600:1401:2::16, 2600:1406:1b::43, UDP_0_EDNS0_32768_4096)
Warnings (2)
  • cia.gov/DS (alg 8, id 55444): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
  • cia.gov/DS (alg 8, id 55444): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.

DNSKEY legend

Full legend
SEP bit setSEP bit set
Revoke bit setRevoke bit set
Trust anchorTrust anchor
Download: png | svg
Warning JavaScript is required to make the graph below interactive.
DNSSEC authentication graph