cecc.gov
Updated:
2021-04-01 00:24:49 UTC (1334 days ago)
Go to most recent »
Notices
DNSSEC Authentication Chain
RRset status
Insecure (3)
- cecc.gov/A
- cecc.gov/NS
- cecc.gov/SOA
Secure (1)
- gov/SOA
DNSKEY/DS/NSEC status
Insecure (2)
- cecc.gov/DNSKEY (alg 13, id 19992)
- cecc.gov/DNSKEY (alg 13, id 62951)
Secure (7)
- ./DNSKEY (alg 8, id 14631)
- ./DNSKEY (alg 8, id 20326)
- ./DNSKEY (alg 8, id 42351)
- NSEC3 proving non-existence of cecc.gov/DS
- gov/DNSKEY (alg 8, id 27306)
- gov/DNSKEY (alg 8, id 7698)
- gov/DS (alg 8, id 7698)
Delegation status
Insecure (1)
- gov to cecc.gov
Secure (1)
- . to gov
Notices
Errors (16)
- NSEC3 proving non-existence of cecc.gov/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
- NSEC3 proving non-existence of cecc.gov/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
- RRSIG cecc.gov/NS alg 13, id 62951: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
- RRSIG cecc.gov/NS alg 13, id 62951: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
- RRSIG cecc.gov/SOA alg 13, id 62951: The cryptographic signature of the RRSIG RR does not properly validate. See RFC 4035, Sec. 5.3.3.
- cecc.gov/A: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (156.154.64.109, 156.154.65.109, 156.154.66.109, 156.154.67.109, 2001:502:4612::91, 2001:502:f3ff::91, 2610:a1:1014::91, 2610:a1:1015::91, UDP_-_EDNS0_4096_D_KN)
- cecc.gov/DNSKEY (alg 13, id 62951): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (156.154.64.109, 156.154.65.109, 156.154.66.109, 156.154.67.109, 2001:502:4612::91, 2001:502:f3ff::91, 2610:a1:1014::91, 2610:a1:1015::91, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
- cecc.gov/NS: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (156.154.64.109, 156.154.65.109, 156.154.66.109, 156.154.67.109, 2001:502:4612::91, 2001:502:f3ff::91, 2610:a1:1014::91, 2610:a1:1015::91, UDP_-_EDNS0_4096_D_KN)
- cecc.gov/SOA: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (156.154.64.109, 156.154.65.109, 156.154.66.109, 156.154.67.109, 2001:502:4612::91, 2001:502:f3ff::91, 2610:a1:1014::91, 2610:a1:1015::91, TCP_-_EDNS0_4096_D_N, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_4096_D_KN_0x20)
- cecc.gov/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
- du0e6gfqz3.cecc.gov/A has errors; select the "Denial of existence" DNSSEC option to see them.
- cecc.gov/TXT has errors; select the "Denial of existence" DNSSEC option to see them.
- cecc.gov/DS has errors; select the "Denial of existence" DNSSEC option to see them.
- cecc.gov/MX has errors; select the "Denial of existence" DNSSEC option to see them.
- cecc.gov/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
- cecc.gov/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (5)
- NSEC3 proving non-existence of cecc.gov/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
- NSEC3 proving non-existence of cecc.gov/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
- cecc.gov/DNSKEY (alg 13, id 19992): The DNSKEY RR was not found in the DNSKEY RRset returned by one or more servers. (156.154.64.109, 156.154.65.109, 156.154.66.109, 156.154.67.109, 2001:502:4612::91, 2001:502:f3ff::91, 2610:a1:1014::91, 2610:a1:1015::91, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
- gov to cecc.gov: The following NS name(s) were found in the delegation NS RRset (i.e., in the gov zone), but not in the authoritative NS RRset: oxygen.house.gov, oxygen2.house.gov See RFC 1034, Sec. 4.2.2.
- cecc.gov/DS has warnings; select the "Denial of existence" DNSSEC option to see them.
JavaScript is required to make the graph below interactive.
