Back to Verisign Labs Tools
Domain Name: Detail: more(+) / less(-) Time: 2020-07-07 20:04:36 UTC, NTP stratum 4

Analyzing DNSSEC problems for HUD.GOV

.
Found 3 DNSKEY records for .
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
GOV
Found 2 DS records for GOV in the . zone
DS=7698/SHA-1 has algorithm RSASHA256
DS=7698/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=46594 and DNSKEY=46594 verifies the DS RRset
Found 2 DNSKEY records for GOV
DS=7698/SHA-1 verifies DNSKEY=7698/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
HUD.GOV
Found 2 DS records for HUD.GOV in the GOV zone
DS=1593/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
DS=1593/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
Found 1 RRSIGs over DS RRset
RRSIG=40176 and DNSKEY=40176 verifies the DS RRset
Found 4 DNSKEY records for HUD.GOV
DS=1593/SHA-256 verifies DNSKEY=1593/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=1593 is expired
RRSIG=3542 is expired
None of the 2 RRSIG and 4 DNSKEY records validate the DNSKEY RRset
The DNSKEY RRset was not signed by any keys in the chain-of-trust
hudgater.hud.gov serial (143597090) differs from ns1.hud.gov serial (2020060503)
All Queries to ns3.hud.gov for HUD.GOV/SOA timed out or failed
HUD.GOV A RR has value 170.97.67.13
Found 1 RRSIGs over A RRset
RRSIG=3542 is expired
None of the 1 RRSIG and 4 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test HUD.GOV at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options