harley-davidson.com

Updated: 2023-02-12 11:36:25 UTC (660 days ago) Go to most recent »

DNSSEC options (hide)

Notices

DNSSEC Authentication Chain

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 951)
com/DNSKEY (alg 8, id 30909)
com/DNSKEY (alg 8, id 36739)
com/DS (alg 8, id 30909)
harley-davidson.com/DNSKEY (alg 13, id 16632)
harley-davidson.com/DNSKEY (alg 13, id 57333)
harley-davidson.com/DS (alg 13, id 57333)
harley-davidson.com/DS (alg 13, id 57333)

RRSIG harley-davidson.com/AAAA alg 13, id 16632: The TTL of the RRset (300) exceeds the value of the Original TTL field of the RRSIG RR covering it (161). See RFC 4035, Sec. 2.2.
harley-davidson.com/AAAA: DNSSEC was effectively downgraded because the response had an invalid RCODE (SERVFAIL) with EDNS enabled. See RFC 6891, Sec. 7, RFC 2671, Sec. 5.3. (204.74.115.1, UDP_-_NOEDNS_)
harley-davidson.com/AAAA: The DNSSEC records necessary to validate the response could not be retrieved from the server. See RFC 4035, Sec. 3.1.1, RFC 4035, Sec. 3.1.3. (204.74.115.1, UDP_-_EDNS0_4096_D_KN)
harley-davidson.com/AAAA: The response had an invalid RCODE (SERVFAIL) until EDNS was disabled (however, this server appeared to respond legitimately to other queries with EDNS enabled). See RFC 6891, Sec. 6.2.6. (204.74.115.1, UDP_-_EDNS0_4096_D_KN)

harley-davidson.com/DS (alg 13, id 57333): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
harley-davidson.com/DS (alg 13, id 57333): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
harley-davidson.com/DS (alg 13, id 57333): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
harley-davidson.com/DS (alg 13, id 57333): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.