icbemp.gov
Updated:
2023-09-18 22:29:30 UTC (219 days ago)
Update now
Notices
DNSSEC Authentication Chain
RRset status
DNSKEY/DS/NSEC status
Secure (8)
- ./DNSKEY (alg 8, id 11019)
- ./DNSKEY (alg 8, id 20326)
- gov/DNSKEY (alg 8, id 10104)
- gov/DNSKEY (alg 8, id 40921)
- gov/DNSKEY (alg 8, id 64280)
- gov/DNSKEY (alg 8, id 7698)
- gov/DS (alg 8, id 7698)
- icbemp.gov/DS (alg 8, id 60541)
Non_existent (1)
- icbemp.gov/DNSKEY (alg 8, id 60541)
Delegation status
Bogus (1)
- gov to icbemp.gov
Secure (1)
- . to gov
Notices
Errors (2)
- gov to icbemp.gov: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone.
- icbemp.gov zone: The following NS name(s) did not resolve to address(es): fsdns1.fs.fed.us, fsdns3.fs.fed.us, fsdns4.fs.fed.us
Warnings (5)
- icbemp.gov zone: No IPv4 addresses were found for NS records in the parent or child zone.
- icbemp.gov/DS (alg 8, id 60541): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
- icbemp.gov/DS (alg 8, id 60541): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
- icbemp.gov/DS (alg 8, id 60541): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
- icbemp.gov/DS (alg 8, id 60541): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
JavaScript is required to make the graph below interactive.
