Back to Verisign Labs Tools
Domain Name: Detail: more(+) / less(-) Time: 2023-03-23 21:46:37 UTC, NTP stratum 4

Analyzing DNSSEC problems for capitolgiftshop.gov

.
Found 3 DNSKEY records for .
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
gov
Found 1 DS records for gov in the . zone
DS=7698/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=951 and DNSKEY=951 verifies the DS RRset
Found 2 DNSKEY records for gov
DS=7698/SHA-256 verifies DNSKEY=7698/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
capitolgiftshop.gov
Found 2 DS records for capitolgiftshop.gov in the gov zone
DS=62962/SHA-1 has algorithm RSASHA256
DS=62962/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=24250 and DNSKEY=24250 verifies the DS RRset
Found 3 DNSKEY records for capitolgiftshop.gov
DS=62962/SHA-1 verifies DNSKEY=62962/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=13806 and DNSKEY=13806 verifies the DNSKEY RRset
ns3.comcastbusiness.net is authoritative for capitolgiftshop.gov
ns2.aoc.gov serial (1705) differs from authns1.centurylink.net serial (1704)
ns1.aoc.gov serial (1705) differs from authns1.centurylink.net serial (1704)
Found 1 RRSIGs over NSEC RRset
RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
NSEC proves no records of type A exist for capitolgiftshop.gov
Found 1 RRSIGs over SOA RRset
RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset
capitolgiftshop.gov
ns1.aoc.gov is authoritative for capitolgiftshop.gov
Found 1 RRSIGs over NSEC RRset
RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
NSEC proves no records of type A exist for capitolgiftshop.gov
Found 1 RRSIGs over SOA RRset
RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset
capitolgiftshop.gov
authns2.centurylink.net is authoritative for capitolgiftshop.gov
Found 1 RRSIGs over NSEC RRset
RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
NSEC proves no records of type A exist for capitolgiftshop.gov
Found 1 RRSIGs over SOA RRset
RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset
capitolgiftshop.gov
authns1.centurylink.net is authoritative for capitolgiftshop.gov
Found 1 RRSIGs over NSEC RRset
RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
NSEC proves no records of type A exist for capitolgiftshop.gov
Found 1 RRSIGs over SOA RRset
RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset
capitolgiftshop.gov
ns2.comcastbusiness.net is authoritative for capitolgiftshop.gov
Found 1 RRSIGs over NSEC RRset
RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
NSEC proves no records of type A exist for capitolgiftshop.gov
Found 1 RRSIGs over SOA RRset
RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset
capitolgiftshop.gov
ns2.aoc.gov is authoritative for capitolgiftshop.gov
Found 1 RRSIGs over NSEC RRset
RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
NSEC proves no records of type A exist for capitolgiftshop.gov
Found 1 RRSIGs over SOA RRset
RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test capitolgiftshop.gov at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options