RRSIG jit.cloud/A alg 8, id 19009: The Signature Expiration field of the RRSIG RR (2024-07-22 07:01:07+00:00) is 10 hours, 59 minutes in the past. See RFC 4035, Sec. 5.3.1.
RRSIG jit.cloud/MX alg 8, id 19009: The Signature Expiration field of the RRSIG RR (2024-07-22 07:01:07+00:00) is 10 hours, 59 minutes in the past. See RFC 4035, Sec. 5.3.1.
RRSIG jit.cloud/NS alg 8, id 19009: The Signature Expiration field of the RRSIG RR (2024-07-22 07:01:07+00:00) is 10 hours, 59 minutes in the past. See RFC 4035, Sec. 5.3.1.
RRSIG jit.cloud/TXT alg 8, id 19009: The Signature Expiration field of the RRSIG RR (2024-07-22 07:01:07+00:00) is 10 hours, 59 minutes in the past. See RFC 4035, Sec. 5.3.1.
cloud to jit.cloud: The DS RRset for the zone included algorithm 5 (RSASHA1), but no DS RR matched a DNSKEY with algorithm 5 that signs the zone's DNSKEY RRset. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, UDP_-_EDNS0_4096_D_KN)
jit.cloud/A: The DS RRset for the zone included algorithm 5 (RSASHA1), but no RRSIG with algorithm 5 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, UDP_-_EDNS0_4096_D_KN)
jit.cloud/DNSKEY (alg 8, id 19009): The DS RRset for the zone included algorithm 5 (RSASHA1), but no RRSIG with algorithm 5 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, UDP_-_EDNS0_4096_D_KN)
jit.cloud/DNSKEY (alg 8, id 63697): The DS RRset for the zone included algorithm 5 (RSASHA1), but no RRSIG with algorithm 5 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, UDP_-_EDNS0_4096_D_KN)
jit.cloud/MX: The DS RRset for the zone included algorithm 5 (RSASHA1), but no RRSIG with algorithm 5 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_512_D_KN)
jit.cloud/NS: The DS RRset for the zone included algorithm 5 (RSASHA1), but no RRSIG with algorithm 5 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, UDP_-_EDNS0_4096_D_KN)
jit.cloud/SOA: The DS RRset for the zone included algorithm 5 (RSASHA1), but no RRSIG with algorithm 5 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, TCP_-_EDNS0_4096_D_N, UDP_-_EDNS0_4096_D_KN, UDP_-_EDNS0_4096_D_KN_0x20)
jit.cloud/TXT: The DS RRset for the zone included algorithm 5 (RSASHA1), but no RRSIG with algorithm 5 covering the RRset was returned in the response. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (159.69.132.238, 188.40.162.7, UDP_-_EDNS0_4096_D_KN)
jit.cloud/CDS has errors; select the "Denial of existence" DNSSEC option to see them.
jit.cloud/DNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
jit.cloud/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.
gzawi.sm1tb.jit.cloud/A has errors; select the "Denial of existence" DNSSEC option to see them.
jit.cloud/NSEC3PARAM has errors; select the "Denial of existence" DNSSEC option to see them.
jit.cloud/AAAA has errors; select the "Denial of existence" DNSSEC option to see them.
jit.cloud/CDNSKEY has errors; select the "Denial of existence" DNSSEC option to see them.
Warnings (8)
jit.cloud/DS (alg 5, id 47914): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
jit.cloud/DS (alg 5, id 47914): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
jit.cloud/DS (alg 5, id 47914): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
jit.cloud/DS (alg 5, id 47914): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
jit.cloud/DS (alg 8, id 63697): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
jit.cloud/DS (alg 8, id 63697): DNSSEC implementers are prohibited from implementing signing with DS algorithm 1 (SHA-1). See RFC 8624, Sec. 3.2.
jit.cloud/DS (alg 8, id 63697): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.
jit.cloud/DS (alg 8, id 63697): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset. See RFC 4509, Sec. 3.