Back to Verisign Labs Tools
Domain Name: Detail: more(+) / less(-) Time: 2018-12-18 11:09:10 UTC, NTP stratum 4

Analyzing DNSSEC problems for HEALTHINDICATORS.GOV

.
Found 3 DNSKEY records for .
DS=19036/SHA-256 verifies DNSKEY=19036/SEP
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
GOV
Found 2 DS records for GOV in the . zone
DS=7698/SHA-1 has algorithm RSASHA256
DS=7698/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=2134 and DNSKEY=2134 verifies the DS RRset
Found 2 DNSKEY records for GOV
DS=7698/SHA-1 verifies DNSKEY=7698/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
HEALTHINDICATORS.GOV
Found 2 DS records for HEALTHINDICATORS.GOV in the GOV zone
DS=46120/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
DS=46120/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
Found 1 RRSIGs over DS RRset
RRSIG=40499 and DNSKEY=40499 verifies the DS RRset
Found 2 DNSKEY records for HEALTHINDICATORS.GOV
DS=46120/SHA-1 verifies DNSKEY=46120/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=33873 and DNSKEY=33873 verifies the DNSKEY RRset
ns3.cdc.gov serial (556896234) differs from ns2.cdc.gov serial (563741083)
HEALTHINDICATORS.GOV A RR has value 64.191.212.230
Found 1 RRSIGs over A RRset
RRSIG=35595 is expired
None of the 1 RRSIG and 2 DNSKEY records validate the A RRset
The A RRset was not signed by any keys in the chain-of-trust

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test HEALTHINDICATORS.GOV at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options