macpac.gov

Updated: 2024-01-03 17:45:51 UTC (137 days ago) Go to most recent »

DNSSEC options (hide)

Notices

DNSSEC Authentication Chain

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 30903)
./DNSKEY (alg 8, id 46780)
gov/DNSKEY (alg 8, id 10104)
gov/DNSKEY (alg 8, id 49735)
gov/DNSKEY (alg 8, id 64280)
gov/DS (alg 8, id 64280)
macpac.gov/DS (alg 10, id 65286)

gov to macpac.gov: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. (216.59.57.7, 216.59.60.7, 2602:ffe2:54::7, TCP_-_EDNS0_4096_D_KN)
macpac.gov/DS (alg 10, id 65286): The cryptographic hash in the Digest field of the DS RR does not match the computed value.
macpac.gov/DS (alg 10, id 65286): The cryptographic hash in the Digest field of the DS RR does not match the computed value.

RRSIG macpac.gov/A alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/DNSKEY alg 10, id 65286: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/DNSKEY alg 10, id 65286: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/MX alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/NS alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/SOA alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).
RRSIG macpac.gov/TXT alg 10, id 22386: DNSSEC specification recommends not signing with DNSSEC algorithm 10 (RSASHA512).