Back to Verisign Labs Tools
Domain Name: Detail: more(+) / less(-) Time: 2023-10-02 22:05:54 UTC, NTP stratum 4

Analyzing DNSSEC problems for adf.gov

.
Found 3 DNSKEY records for .
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
gov
Found 2 DS records for gov in the . zone
DS=7698/SHA-256 has algorithm RSASHA256
DS=64280/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=46780 and DNSKEY=46780 verifies the DS RRset
Found 4 DNSKEY records for gov
DS=7698/SHA-256 verifies DNSKEY=7698/SEP
DS=64280/SHA-256 verifies DNSKEY=64280/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
adf.gov
Found 5 DS records for adf.gov in the gov zone
DS=51142/SHA-1 has algorithm RSASHA1
DS=16281/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
DS=16281/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
DS=56043/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
DS=51142/SHA-256 has algorithm RSASHA1
Found 1 RRSIGs over DS RRset
RRSIG=40921 and DNSKEY=40921 verifies the DS RRset
Found 4 DNSKEY records for adf.gov
None of the 4 DNSKEY records could be validated by any of the 5 DS records
Found 2 RRSIGs over DNSKEY RRset
RRSIG=50088 and DNSKEY=50088/SEP verifies the DNSKEY RRset
The DNSKEY RRset was not signed by any trusted keys
auth111.ns.uu.net is authoritative for adf.gov
adf.gov A RR has value 3.221.42.84
Found 1 RRSIGs over A RRset
RRSIG=56358 and DNSKEY=56358 verifies the A RRset
adf.gov
auth120.ns.uu.net is authoritative for adf.gov
adf.gov A RR has value 3.221.42.84
Found 1 RRSIGs over A RRset
RRSIG=56358 and DNSKEY=56358 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test adf.gov at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options