www.usembassy.gov

Updated: 2020-12-10 15:54:22 UTC (840 days ago) Go to most recent »

DNSSEC options (hide)

|?| RR types:
|?| DNSSEC algorithms:
|?| DS digest algorithms:
|?| Denial of existence:
|?| Redundant edges:
|?| Trust anchors:
- Root zone KSK
|?| Additional trusted keys:

Notices

DNSSEC Authentication Chain

RRset status

Bogus (1)

www.usembassy.gov/CNAME

Insecure (9)

akamaiedge.net/SOA
e11540.dscb.akamaiedge.net.0.1.cn.akamaiedge.net/A
e11540.dscb.akamaiedge.net.0.1.cn.akamaiedge.net/AAAA
e11540.dscb.akamaiedge.net.0.1.cn.akamaiedge.net/AAAA
e11540.dscb.akamaiedge.net/A
e11540.dscb.akamaiedge.net/AAAA
e11540.dscb.akamaiedge.net/AAAA
e11540.dscb.akamaiedge.net/CNAME
wildcard.usembassy.gov.edgekey.net/CNAME

Secure (3)

net/SOA
net/SOA
net/SOA

DNSKEY/DS/NSEC status

Secure (16)

./DNSKEY (alg 8, id 20326)
./DNSKEY (alg 8, id 26116)
NSEC3 proving non-existence of akamaiedge.net/DS
NSEC3 proving non-existence of edgekey.net/DS
gov/DNSKEY (alg 8, id 15489)
gov/DNSKEY (alg 8, id 7698)
gov/DS (alg 8, id 7698)
gov/DS (alg 8, id 7698)
net/DNSKEY (alg 8, id 15314)
net/DNSKEY (alg 8, id 35886)
net/DS (alg 8, id 35886)
usembassy.gov/DNSKEY (alg 8, id 11080)
usembassy.gov/DNSKEY (alg 8, id 1129)
usembassy.gov/DNSKEY (alg 8, id 21715)
usembassy.gov/DS (alg 8, id 11080)
usembassy.gov/DS (alg 8, id 11080)

Delegation status

Insecure (4)

akamaiedge.net to cn.akamaiedge.net
akamaiedge.net to dscb.akamaiedge.net
net to akamaiedge.net
net to edgekey.net

Secure (3)

. to gov
. to net
gov to usembassy.gov

Notices

Errors (2)

RRSIG www.usembassy.gov/CNAME alg 8, id 21715: The cryptographic signature of the RRSIG RR does not properly validate.
RRSIG www.usembassy.gov/CNAME alg 8, id 21715: The cryptographic signature of the RRSIG RR does not properly validate.

Warnings (26)

akamaiedge.net to cn.akamaiedge.net: The glue address(es) for n1cn.akamaiedge.net (2600:1403:9:f000:ce44::, 2600:1403:9:f000:ce46:dc72:9ccd:dcf8) differed from its authoritative address(es) (2600:1403:9:f000:ce46:dc72:9ccd:dcf8).
akamaiedge.net to cn.akamaiedge.net: The glue address(es) for n2cn.akamaiedge.net (23.200.73.219, 23.200.73.222) differed from its authoritative address(es) (23.200.73.219).
akamaiedge.net to cn.akamaiedge.net: The glue address(es) for n3cn.akamaiedge.net (23.200.73.217, 23.200.73.223) differed from its authoritative address(es) (23.200.73.223).
akamaiedge.net to cn.akamaiedge.net: The glue address(es) for n4cn.akamaiedge.net (23.200.73.216, 23.200.73.218) differed from its authoritative address(es) (23.200.73.216).
akamaiedge.net to cn.akamaiedge.net: The glue address(es) for n5cn.akamaiedge.net (23.200.73.216, 23.200.73.221) differed from its authoritative address(es) (23.200.73.221).
akamaiedge.net to cn.akamaiedge.net: The glue address(es) for n6cn.akamaiedge.net (23.200.73.220, 23.200.73.223) differed from its authoritative address(es) (23.200.73.220).
akamaiedge.net to dscb.akamaiedge.net: The glue address(es) for n1dscb.akamaiedge.net (23.61.195.168, 23.61.195.184) differed from its authoritative address(es) (23.61.195.184).
akamaiedge.net to dscb.akamaiedge.net: The glue address(es) for n2dscb.akamaiedge.net (23.61.195.181, 23.61.195.185) differed from its authoritative address(es) (23.61.195.181).
akamaiedge.net to dscb.akamaiedge.net: The glue address(es) for n3dscb.akamaiedge.net (23.61.195.164, 23.61.195.184) differed from its authoritative address(es) (23.61.195.164).
akamaiedge.net to dscb.akamaiedge.net: The glue address(es) for n4dscb.akamaiedge.net (23.61.195.167, 63.141.195.111) differed from its authoritative address(es) (23.61.195.167).
akamaiedge.net to dscb.akamaiedge.net: The glue address(es) for n6dscb.akamaiedge.net (23.61.195.165, 23.61.195.185) differed from its authoritative address(es) (23.61.195.185).
akamaiedge.net to dscb.akamaiedge.net: The glue address(es) for n7dscb.akamaiedge.net (23.61.195.166, 63.141.195.103) differed from its authoritative address(es) (63.141.195.103).
e11540.dscb.akamaiedge.net/CNAME: The server returned CNAME for e11540.dscb.akamaiedge.net, but records of other types exist at that name.
gov/DS (alg 8, id 7698): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
gov/DS (alg 8, id 7698): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
gov/DS (alg 8, id 7698): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
gov/DS (alg 8, id 7698): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
net to akamaiedge.net: Authoritative AAAA records exist for a11-192.akamaiedge.net, but there are no corresponding AAAA glue records.
net to edgekey.net: Authoritative AAAA records exist for a13-65.akam.net, but there are no corresponding AAAA glue records.
net to edgekey.net: Authoritative AAAA records exist for a5-65.akam.net, but there are no corresponding AAAA glue records.
net to edgekey.net: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the net zone): a11-65.akam.net, ns1-2.akam.net, a9-65.akam.net, a3-65.akam.net
net to edgekey.net: The following NS name(s) were found in the delegation NS RRset (i.e., in the net zone), but not in the authoritative NS RRset: ns1-66.akam.net, ns4-66.akam.net, ns5-66.akam.net, ns7-65.akam.net
usembassy.gov/DS (alg 8, id 11080): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
usembassy.gov/DS (alg 8, id 11080): DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1).
usembassy.gov/DS (alg 8, id 11080): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.
usembassy.gov/DS (alg 8, id 11080): DS records with digest type 1 (SHA-1) are ignored when DS records with digest type 2 (SHA-256) exist in the same RRset.

DNSKEY legend

Full legend

	SEP bit set
	Revoke bit set
	Trust anchor

www.usembassy.gov

RRset status

Bogus (1)

Insecure (9)

Secure (3)

DNSKEY/DS/NSEC status

Secure (16)

Delegation status

Insecure (4)

Secure (3)

Notices

Errors (2)

Warnings (26)

DNSKEY legend

See also