www.cdc.gov

Updated: 2023-07-31 20:53:15 UTC (480 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Ignore RFC 8624:
|?| Ignore RFC 9276:
|?| Multi-signer:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Secure (3)

www.akam.cdc.gov/A
www.akam.cdc.gov/AAAA
www.cdc.gov/CNAME

DNSKEY/DS/NSEC status

Secure (13)

./DNSKEY (alg 8, id 11019)
./DNSKEY (alg 8, id 20326)
akam.cdc.gov/DNSKEY (alg 10, id 1993)
akam.cdc.gov/DNSKEY (alg 10, id 22623)
akam.cdc.gov/DNSKEY (alg 10, id 33263)
akam.cdc.gov/DNSKEY (alg 10, id 43872)
akam.cdc.gov/DS (alg 10, id 1993)
cdc.gov/DNSKEY (alg 7, id 54678)
cdc.gov/DNSKEY (alg 7, id 8699)
cdc.gov/DS (alg 7, id 54678)
gov/DNSKEY (alg 8, id 40921)
gov/DNSKEY (alg 8, id 7698)
gov/DS (alg 8, id 7698)

Delegation status

Secure (3)

. to gov
cdc.gov to akam.cdc.gov
gov to cdc.gov

Notices

Errors (1)

cdc.gov/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.

Warnings (20)

RRSIG akam.cdc.gov/DNSKEY alg 10, id 1993: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DNSKEY alg 10, id 1993: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DNSKEY alg 10, id 1993: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DNSKEY alg 10, id 1993: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DNSKEY alg 10, id 22623: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DNSKEY alg 10, id 22623: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DNSKEY alg 10, id 22623: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DNSKEY alg 10, id 22623: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG akam.cdc.gov/DS alg 7, id 8699: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG cdc.gov/DNSKEY alg 7, id 54678: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG cdc.gov/DNSKEY alg 7, id 54678: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG cdc.gov/DNSKEY alg 7, id 8699: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG cdc.gov/DNSKEY alg 7, id 8699: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG www.akam.cdc.gov/A alg 10, id 33263: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG www.akam.cdc.gov/AAAA alg 10, id 33263: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 10 (RSASHA512). See RFC 8624, Sec. 3.1.
RRSIG www.cdc.gov/CNAME alg 7, id 8699: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
RRSIG www.cdc.gov/CNAME alg 7, id 8699: DNSSEC implementers are recommended against implementing signing with DNSSEC algorithm 7 (RSASHA1NSEC3SHA1). See RFC 8624, Sec. 3.1.
gov to cdc.gov: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the gov zone): icdc-us-ns1.cdc.gov, icdc-us-ns3.cdc.gov, icdc-us-ns2.cdc.gov See RFC 1034, Sec. 4.2.2.
gov to cdc.gov: The following NS name(s) were found in the delegation NS RRset (i.e., in the gov zone), but not in the authoritative NS RRset: auth00.ns.uu.net, auth100.ns.uu.net See RFC 1034, Sec. 4.2.2.
cdc.gov/CNAME has warnings; select the "Denial of existence" DNSSEC option to see them.

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

www.cdc.gov

RRset status

Secure (3)

DNSKEY/DS/NSEC status

Secure (13)

Delegation status

Secure (3)

Notices

Errors (1)

Warnings (20)

DNSKEY legend

See also