distfiles.gentoo.org

Updated: 2022-07-03 18:13:45 UTC (1275 days ago) Update now

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Insecure (6)

1060329950.rsc.cdn77.org/A
1060329950.rsc.cdn77.org/A
1060329950.rsc.cdn77.org/A
1060329950.rsc.cdn77.org/AAAA
1060329950.rsc.cdn77.org/AAAA
1060329950.rsc.cdn77.org/AAAA

Secure (3)

distfiles-cdn.gentoo.org/CNAME
distfiles.gentoo.org/CNAME
org/SOA

DNSKEY/DS/NSEC status

Secure (11)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 20826)
./DNSKEY (alg 8, id 47671)
NSEC3 proving non-existence of cdn77.org/DS
gentoo.org/DNSKEY (alg 5, id 46873)
gentoo.org/DNSKEY (alg 5, id 52980)
gentoo.org/DS (alg 5, id 46873)
org/DNSKEY (alg 8, id 26974)
org/DNSKEY (alg 8, id 41346)
org/DNSKEY (alg 8, id 52626)
org/DS (alg 8, id 26974)

Delegation status

Insecure (1)

org to cdn77.org

Secure (2)

. to org
org to gentoo.org

Notices

Errors (2)

NSEC3 proving non-existence of cdn77.org/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of cdn77.org/DS: An iterations count of 0 must be used in NSEC3 records to alleviate computational burdens. See RFC 9276, Sec. 3.1.

Warnings (12)

NSEC3 proving non-existence of cdn77.org/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
NSEC3 proving non-existence of cdn77.org/DS: The salt value for an NSEC3 record should be empty. See RFC 9276, Sec. 3.1.
RRSIG distfiles-cdn.gentoo.org/CNAME alg 5, id 52980: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
RRSIG distfiles-cdn.gentoo.org/CNAME alg 5, id 52980: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
RRSIG distfiles.gentoo.org/CNAME alg 5, id 52980: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
RRSIG distfiles.gentoo.org/CNAME alg 5, id 52980: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
RRSIG gentoo.org/DNSKEY alg 5, id 46873: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
RRSIG gentoo.org/DNSKEY alg 5, id 46873: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
RRSIG gentoo.org/DNSKEY alg 5, id 52980: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
RRSIG gentoo.org/DNSKEY alg 5, id 52980: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 5 (RSASHA1). See RFC 8624, Sec. 3.1.
org to gentoo.org: The glue address(es) for ns1.gentoo.org (2001:470:ea4a:1:225:90ff:fe02:16e5, 2001:470:ea4a:1:a800:ff:fe3a:8870) differed from its authoritative address(es) (2001:470:ea4a:1:225:90ff:fe02:16e5). See RFC 1034, Sec. 4.2.2.
gentoo.org/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

distfiles.gentoo.org

RRset status

Insecure (6)

Secure (3)

DNSKEY/DS/NSEC status

Secure (11)

Delegation status

Insecure (1)

Secure (2)

Notices

Errors (2)

Warnings (12)

DNSKEY legend

See also