www.cga.gov.tw

Updated: 2020-07-10 04:59:47 UTC (1974 days ago) Go to most recent »

DNSSEC options (hide)

Notices

DNSSEC Authentication Chain

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 46594)
./DNSKEY (alg 8, id 48903)
cga.gov.tw/DS (alg 7, id 8691)
gov.tw/DNSKEY (alg 8, id 19435)
gov.tw/DNSKEY (alg 8, id 43578)
gov.tw/DNSKEY (alg 8, id 60108)
gov.tw/DS (alg 8, id 19435)
gov.tw/DS (alg 8, id 514)
tw/DNSKEY (alg 8, id 40792)
tw/DNSKEY (alg 8, id 58611)
tw/DS (alg 8, id 40792)

cga.gov.tw zone: The server(s) were not responsive to queries over UDP. See RFC 1035, Sec. 4.2. (2001:4420:6047:fffe::250, 2001:4420:6047:ffff::250)
gov.tw to cga.gov.tw: No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (210.241.92.250, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
gov.tw to cga.gov.tw: The DS RRset for the zone included algorithm 7 (RSASHA1NSEC3SHA1), but no DS RR matched a DNSKEY with algorithm 7 that signs the zone's DNSKEY RRset. See RFC 4035, Sec. 2.2, RFC 6840, Sec. 5.11. (210.241.92.250, UDP_-_EDNS0_4096_D_K, UDP_-_EDNS0_512_D_K)
www.cga.gov.tw/A: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (210.241.92.250, UDP_-_EDNS0_4096_D_K)
www.cga.gov.tw/AAAA: No RRSIG covering the RRset was returned in the response. See RFC 4035, Sec. 3.1.1. (210.241.92.250, UDP_-_EDNS0_4096_D_K)
cga.gov.tw/CNAME has errors; select the "Denial of existence" DNSSEC option to see them.

gov.tw to cga.gov.tw: The glue address(es) for dns.cga.gov.tw (2001:4420:6047:fffe::250) differed from its authoritative address(es) (2001:4420:6047:ffff::250). See RFC 1034, Sec. 4.2.2.