Back to Verisign Labs Tools
Domain Name: Detail: more(+) / less(-) Time: 2019-04-20 03:06:53 UTC, NTP stratum 4

Analyzing DNSSEC problems for CRT2014-2024REVIEW.GOV

.
Found 2 DNSKEY records for .
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
GOV
Found 2 DS records for GOV in the . zone
DS=7698/SHA-1 has algorithm RSASHA256
DS=7698/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=25266 and DNSKEY=25266 verifies the DS RRset
Found 3 DNSKEY records for GOV
DS=7698/SHA-1 verifies DNSKEY=7698/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
CRT2014-2024REVIEW.GOV
Found 2 DS records for CRT2014-2024REVIEW.GOV in the GOV zone
DS=13106/SHA-256 has algorithm RSASHA256
DS=52270/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=43583 and DNSKEY=43583 verifies the DS RRset
Found 4 DNSKEY records for CRT2014-2024REVIEW.GOV
DS=52270/SHA-256 verifies DNSKEY=52270/SEP
DS=13106/SHA-256 verifies DNSKEY=13106/SEP
Found 4 RRSIGs over DNSKEY RRset
RRSIG=23923 and DNSKEY=23923 does not verify the DNSKEY RRset (signature verification failed)
RRSIG=9084 and DNSKEY=9084 does not verify the DNSKEY RRset (signature verification failed)
RRSIG=52270 and DNSKEY=52270/SEP verifies the DNSKEY RRset
CRT2014-2024REVIEW.GOV A RR has value 170.160.42.18
Found 2 RRSIGs over A RRset
RRSIG=23923 and DNSKEY=23923 does not verify the A RRset (signature verification failed)
RRSIG=9084 and DNSKEY=9084 does not verify the A RRset (signature verification failed)
None of the 2 RRSIG and 4 DNSKEY records validate the A RRset
The A RRset was not signed by any keys in the chain-of-trust

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test CRT2014-2024REVIEW.GOV at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options