Back to Verisign Labs Tools
Domain Name: Detail: more(+) / less(-) Time: 2024-07-19 16:03:23 UTC

Analyzing DNSSEC problems for forms.gov

.
Found 2 DNSKEY records for .
DS=20326/SHA-256 verifies DNSKEY=20326/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
gov
Found 1 DS records for gov in the . zone
DS=2536/SHA-256 has algorithm ECDSAP256SHA256
Found 1 RRSIGs over DS RRset
RRSIG=20038 and DNSKEY=20038 verifies the DS RRset
Found 2 DNSKEY records for gov
DS=2536/SHA-256 verifies DNSKEY=2536/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
forms.gov
Found 3 DS records for forms.gov in the gov zone
DS=50240/SHA-256 has algorithm RSASHA256
DS=52831/SHA-256 has algorithm RSASHA256
DS=65507/SHA-256 has algorithm RSASHA256
Found 1 RRSIGs over DS RRset
RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
Found 2 DNSKEY records for forms.gov
None of the 2 DNSKEY records could be validated by any of the 3 DS records
Found 2 RRSIGs over DNSKEY RRset
RRSIG=11755 and DNSKEY=11755/SEP verifies the DNSKEY RRset
The DNSKEY RRset was not signed by any trusted keys
dns3.gsa.gov is authoritative for forms.gov
forms.gov A RR has value 23.22.13.113
Found 1 RRSIGs over A RRset
RRSIG=46791 and DNSKEY=46791 verifies the A RRset
forms.gov
dns.gsa.gov is authoritative for forms.gov
forms.gov A RR has value 23.22.13.113
Found 1 RRSIGs over A RRset
RRSIG=46791 and DNSKEY=46791 verifies the A RRset
forms.gov
dns2.gsa.gov is authoritative for forms.gov
forms.gov A RR has value 23.22.13.113
Found 1 RRSIGs over A RRset
RRSIG=46791 and DNSKEY=46791 verifies the A RRset
forms.gov
dns5.gsa.gov is authoritative for forms.gov
forms.gov A RR has value 23.22.13.113
Found 1 RRSIGs over A RRset
RRSIG=46791 and DNSKEY=46791 verifies the A RRset
forms.gov
dns4.gsa.gov is authoritative for forms.gov
forms.gov A RR has value 23.22.13.113
Found 1 RRSIGs over A RRset
RRSIG=46791 and DNSKEY=46791 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test forms.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options