dot.gov
Updated:
2022-04-21 19:56:16 UTC (739 days ago)
Go to most recent »
Notices
DNSSEC Authentication Chain
RRset status
Secure (6)
- dot.gov/A
- dot.gov/MX
- dot.gov/NS
- dot.gov/NSEC3PARAM
- dot.gov/SOA
- dot.gov/TXT
DNSKEY/DS/NSEC status
Secure (14)
- ./DNSKEY (alg 8, id 20326)
- ./DNSKEY (alg 8, id 47671)
- dot.gov/DNSKEY (alg 8, id 17319)
- dot.gov/DNSKEY (alg 8, id 40413)
- dot.gov/DNSKEY (alg 8, id 49516)
- dot.gov/DNSKEY (alg 8, id 56035)
- dot.gov/DNSKEY (alg 8, id 9528)
- dot.gov/DS (alg 8, id 49516)
- dot.gov/DS (alg 8, id 49516)
- dot.gov/DS (alg 8, id 56035)
- dot.gov/DS (alg 8, id 56035)
- gov/DNSKEY (alg 8, id 2706)
- gov/DNSKEY (alg 8, id 7698)
- gov/DS (alg 8, id 7698)
Delegation status
Secure (2)
- . to gov
- gov to dot.gov
Notices
Errors (6)
- gov/DS (alg 8, id 7698): DNSSEC was effectively downgraded because no response was received from the server over UDP (tried 11 times) with EDNS enabled. (2001:7fe::53, UDP_-_NOEDNS_)
- gov/DS (alg 8, id 7698): DNSSEC was effectively downgraded because no response was received from the server over UDP (tried 11 times) with EDNS enabled. (2001:7fe::53, UDP_-_NOEDNS_)
- gov/DS (alg 8, id 7698): No response was received from the server over UDP (tried 11 times) until EDNS was disabled (however, this server appeared to respond legitimately to other queries with EDNS enabled). (2001:7fe::53, UDP_-_EDNS0_4096_D_KN)
- gov/DS (alg 8, id 7698): No response was received from the server over UDP (tried 11 times) until EDNS was disabled (however, this server appeared to respond legitimately to other queries with EDNS enabled). (2001:7fe::53, UDP_-_EDNS0_4096_D_KN)
- gov/DS (alg 8, id 7698): The DNSSEC records necessary to validate the response could not be retrieved from the server. (2001:7fe::53, UDP_-_EDNS0_4096_D_KN)
- gov/DS (alg 8, id 7698): The DNSSEC records necessary to validate the response could not be retrieved from the server. (2001:7fe::53, UDP_-_EDNS0_4096_D_KN)
Warnings (13)
- dot.gov/DNSKEY (alg 8, id 17319): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2001:19e8:d::100, UDP_-_EDNS0_4096_D_KN)
- dot.gov/DNSKEY (alg 8, id 40413): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2001:19e8:d::100, UDP_-_EDNS0_4096_D_KN)
- dot.gov/DNSKEY (alg 8, id 49516): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2001:19e8:d::100, UDP_-_EDNS0_4096_D_KN)
- dot.gov/DNSKEY (alg 8, id 56035): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2001:19e8:d::100, UDP_-_EDNS0_4096_D_KN)
- dot.gov/DNSKEY (alg 8, id 9528): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. (2001:19e8:d::100, UDP_-_EDNS0_4096_D_KN)
- dot.gov/DS (alg 8, id 49516): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
- dot.gov/DS (alg 8, id 49516): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
- dot.gov/DS (alg 8, id 49516): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
- dot.gov/DS (alg 8, id 49516): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
- dot.gov/DS (alg 8, id 56035): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
- dot.gov/DS (alg 8, id 56035): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
- dot.gov/DS (alg 8, id 56035): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
- dot.gov/DS (alg 8, id 56035): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
JavaScript is required to make the graph below interactive.
