gov.pt

Updated: 2024-10-14 07:30:34 UTC (79 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Secure (5)

gov.pt/A
gov.pt/NS
gov.pt/NSEC3PARAM
gov.pt/SOA
gov.pt/TXT

DNSKEY/DS/NSEC status

Secure (8)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 61050)
gov.pt/DNSKEY (alg 10, id 51381)
gov.pt/DNSKEY (alg 10, id 55073)
gov.pt/DS (alg 10, id 51381)
pt/DNSKEY (alg 13, id 30640)
pt/DNSKEY (alg 13, id 40155)
pt/DS (alg 13, id 40155)

Delegation status

Secure (2)

. to pt
pt to gov.pt

Notices

Errors (10)

./DNSKEY: No response was received from the server over UDP (tried 4 times). See RFC 1035, Sec. 4.2. (192.33.4.12, UDP_-_EDNS0_512_D_KN)
gov.pt zone: The server(s) were not responsive to queries over UDP. See RFC 1035, Sec. 4.2. (193.47.185.3)
gov.pt/A: No response was received from the server over UDP (tried 12 times). See RFC 1035, Sec. 4.2. (193.47.185.3, UDP_-_NOEDNS_)
gov.pt/NS: No response was received from the server over UDP (tried 12 times). See RFC 1035, Sec. 4.2. (193.47.185.3, UDP_-_NOEDNS_)
gov.pt/CDNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
gov.pt/CDS has errors; select the "Denial of existence" DNSSEC option to see them.
gov.pt/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
gov.pt/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
gov.pt/MX has errors; select the "Denial of existence" DNSSEC option to see them.
topc4.zo6fp.gov.pt/A has errors; select the "Denial of existence" DNSSEC option to see them.

Warnings (20)

./DNSKEY (alg 8, id 20326): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. See RFC 6891, Sec. 6.2.6. (192.33.4.12, UDP_-_EDNS0_4096_D_KN)
./DNSKEY (alg 8, id 61050): No response was received until the UDP payload size was decreased, indicating that the server might be attempting to send a payload that exceeds the path maximum transmission unit (PMTU) size. See RFC 6891, Sec. 6.2.6. (192.33.4.12, UDP_-_EDNS0_4096_D_KN)
RRSIG gov.pt/A alg 10, id 55073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/DNSKEY alg 10, id 51381: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/DNSKEY alg 10, id 51381: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/DNSKEY alg 10, id 55073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/DNSKEY alg 10, id 55073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/NS alg 10, id 55073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/NSEC3PARAM alg 10, id 55073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/SOA alg 10, id 55073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG gov.pt/TXT alg 10, id 55073: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
pt/DS (alg 13, id 40155): No response was received from the server over UDP (tried 7 times) until the NSID EDNS option was removed (however, this server appeared to respond legitimately to other queries with the NSID EDNS option present). See RFC 6891, Sec. 6.1.2. (192.33.4.12, UDP_-_EDNS0_4096_D_KN)
pt/DS (alg 13, id 40155): No response was received from the server over UDP (tried 7 times) until the NSID EDNS option was removed (however, this server appeared to respond legitimately to other queries with the NSID EDNS option present). See RFC 6891, Sec. 6.1.2. (192.33.4.12, UDP_-_EDNS0_4096_D_KN)
gov.pt/AAAA has warnings; select the "Denial of existence" DNSSEC option to see them.
gov.pt/CDS has warnings; select the "Denial of existence" DNSSEC option to see them.
gov.pt/DNSKEY has warnings; select the "Denial of existence" DNSSEC option to see them.
gov.pt/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.
gov.pt/MX has warnings; select the "Denial of existence" DNSSEC option to see them.
gov.pt/CDNSKEY has warnings; select the "Denial of existence" DNSSEC option to see them.
topc4.zo6fp.gov.pt/A has warnings; select the "Denial of existence" DNSSEC option to see them.

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

gov.pt

RRset status

Secure (5)

DNSKEY/DS/NSEC status

Secure (8)

Delegation status

Secure (2)

Notices

Errors (10)

Warnings (20)

DNSKEY legend

See also