DNSSEC Debugger - CRT2014-2024REVIEW.GOV

Domain Name:

Time: 2025-12-23 08:16:20 UTC

Analyzing DNSSEC problems for CRT2014-2024REVIEW.GOV

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to b.root-servers.net for ./DNSKEY
	Received 1414 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 1414 octets ;; HEADER SECTION ;; id = 64172 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (5 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831 . 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20260110000000 20251220000000 20326 . RZO5FQjtg6Yk0Dara521nCUfYnQxCLAVdbC+buKQVAKlHsZ6srxXHNAL8DMoHohT+PyIlPFAQMb5 fBZatrDaqxpZZ/YbC0A2zxGxOwuOPb1xRbqi6E3zSKfilTRuAux5jN0KYbZZhFxda62e9Hv+2GJs MLixTpiV3RVXtxENI2GPRA8mRRJPBDR7XVQF/2Pz+vjcAW07dp27CrNmQPyZtVjSgw49Jz1rSsAm +EEKO6C7KLG5hmENQr165D3YjMWCs93YhTY8bhWYVqeDtsB1BwoEWkMqSFs4I4+uMd14BHvO6mlq zOZyWC+3kXYTpoAlE0kFhKNv1i54wgHRB+paqw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20260110000000 20251220000000 20326 . RZO5FQjtg6Yk0Dara521nCUfYnQxCLAVdbC+buKQVAKlHsZ6srxXHNAL8DMoHohT+PyIlPFAQMb5 fBZatrDaqxpZZ/YbC0A2zxGxOwuOPb1xRbqi6E3zSKfilTRuAux5jN0KYbZZhFxda62e9Hv+2GJs MLixTpiV3RVXtxENI2GPRA8mRRJPBDR7XVQF/2Pz+vjcAW07dp27CrNmQPyZtVjSgw49Jz1rSsAm +EEKO6C7KLG5hmENQr165D3YjMWCs93YhTY8bhWYVqeDtsB1BwoEWkMqSFs4I4+uMd14BHvO6mlq zOZyWC+3kXYTpoAlE0kFhKNv1i54wgHRB+paqw== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=21831 is now in the chain-of-trust
	DNSKEY=61809 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to b.root-servers.net for CRT2014-2024REVIEW.GOV/A
	Received 629 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 629 octets ;; HEADER SECTION ;; id = 42076 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20260105050000 20251223040000 61809 . xtxX7e550bkc/GaxnXvuocwpJD4QRWO6Zie+5vH3lEPCa1MOYrNpfN6uRBYVJJvxCbxiMyuRVj4j bdEuIo+U8t/1D7KUE8sXf/N30DTWT+ctrkYanR7rqh6XCT48Z4xlNwB24ec9cNH5Hf+SxetivSy3 yx+Upl3EmGGcQveAXSp4vxDS1YQDjaxGwheeVgN9RJDuDoDjLSv9qC66hxJSeTlgjzEqME54GLTn N4/J6po6nDN/s8UW3eVM/dqa/WjRR1J+EdOAePe+ztChIkYFQpZDIpby6Ggls25zP/LK5oBOIyRT HNUHDTHrFX9tyk33PR7jHcM7DlV2S7boXOkHtQ== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN A 199.33.231.1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN A 199.33.232.1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN A 199.33.233.1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to k.root-servers.net for GOV/DNSKEY
	Received 610 bytes from 193.0.14.129
	;; Response received from [193.0.14.129] 610 octets ;; HEADER SECTION ;; id = 39443 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20260105050000 20251223040000 61809 . xtxX7e550bkc/GaxnXvuocwpJD4QRWO6Zie+5vH3lEPCa1MOYrNpfN6uRBYVJJvxCbxiMyuRVj4j bdEuIo+U8t/1D7KUE8sXf/N30DTWT+ctrkYanR7rqh6XCT48Z4xlNwB24ec9cNH5Hf+SxetivSy3 yx+Upl3EmGGcQveAXSp4vxDS1YQDjaxGwheeVgN9RJDuDoDjLSv9qC66hxJSeTlgjzEqME54GLTn N4/J6po6nDN/s8UW3eVM/dqa/WjRR1J+EdOAePe+ztChIkYFQpZDIpby6Ggls25zP/LK5oBOIyRT HNUHDTHrFX9tyk33PR7jHcM7DlV2S7boXOkHtQ== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN A 199.33.231.1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN A 199.33.232.1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN A 199.33.233.1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to i.root-servers.net for GOV/DS
	Received 370 bytes from 192.36.148.17
	;; Response received from [192.36.148.17] 370 octets ;; HEADER SECTION ;; id = 16970 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260105050000 20251223040000 61809 . xtxX7e550bkc/GaxnXvuocwpJD4QRWO6Zie+5vH3lEPCa1MOYrNpfN6uRBYVJJvxCbxiMyuRVj4j bdEuIo+U8t/1D7KUE8sXf/N30DTWT+ctrkYanR7rqh6XCT48Z4xlNwB24ec9cNH5Hf+SxetivSy3 yx+Upl3EmGGcQveAXSp4vxDS1YQDjaxGwheeVgN9RJDuDoDjLSv9qC66hxJSeTlgjzEqME54GLTn N4/J6po6nDN/s8UW3eVM/dqa/WjRR1J+EdOAePe+ztChIkYFQpZDIpby6Ggls25zP/LK5oBOIyRT HNUHDTHrFX9tyk33PR7jHcM7DlV2S7boXOkHtQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for GOV in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20260105050000 20251223040000 61809 . xtxX7e550bkc/GaxnXvuocwpJD4QRWO6Zie+5vH3lEPCa1MOYrNpfN6uRBYVJJvxCbxiMyuRVj4j bdEuIo+U8t/1D7KUE8sXf/N30DTWT+ctrkYanR7rqh6XCT48Z4xlNwB24ec9cNH5Hf+SxetivSy3 yx+Upl3EmGGcQveAXSp4vxDS1YQDjaxGwheeVgN9RJDuDoDjLSv9qC66hxJSeTlgjzEqME54GLTn N4/J6po6nDN/s8UW3eVM/dqa/WjRR1J+EdOAePe+ztChIkYFQpZDIpby6Ggls25zP/LK5oBOIyRT HNUHDTHrFX9tyk33PR7jHcM7DlV2S7boXOkHtQ== )`
	RRSIG=61809 and DNSKEY=61809 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.GOV for GOV/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 57850 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (3 records) GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260205110617 20251206110617 2536 gov. nZHIPZZ3z80AAkg8IDRVDprfpie4C0q93y05w0bzGd/fdwD8ocNWH6iMFuJ1B13pIaERw0TJTBOo cbM9gLWhNQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for GOV
	`GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260205110617 20251206110617 2536 gov. nZHIPZZ3z80AAkg8IDRVDprfpie4C0q93y05w0bzGd/fdwD8ocNWH6iMFuJ1B13pIaERw0TJTBOo cbM9gLWhNQ== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 11771 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. 6QGD4/d9j2b4N7+aM2RfvvysLd35U0oPq6gSXERK+99WSSr6xvWuOTXIEHfJQ6DSH5pfdmDx0O9f +67J29mwrQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. rDRLb4JdZX+JTLsv/g1HPMnfDz24uLL3u4bXGekkXrPAJR9o1e8ciQZ6dC0WzQiWS9hvn2qEJddd 2qbqnEOirw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	d.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 45738 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. /i/LuJJIQ/66RomYLI4Yl1qw1WG5OfcNI9h67E3GuSwenB8iu5NFBYoKWQ2fJFc+txenfu4qRYEm fhcQbq45Hw== ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. f1K6jB2G73pkkSaVGTo/nrd/z/ECWClxGwpUmmdCyWuXq3N7xS+dZLOF02S1VwSYBJH4Ty+H7/3D dHcb/MIxWQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to c.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 190 octets ;; HEADER SECTION ;; id = 58013 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. KnPNV6EG6qQmQvV+4adVyH2hDJQ9ZbCSw2TczPjUGkFgvi43SW+CYQ0XJ7QMnZn4PQpcK7W/opG7 3Tw2ENSg/w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to b.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 190 octets ;; HEADER SECTION ;; id = 56126 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. +oHYuRmo645gx+iOAKfBEHxZMY1iL9Y/nlAQEWHT5G1ZsPM/nn+6qzsD6elJmh4rpY5/4uA6Q3V/ LqT+wKyHlw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 190 octets ;; HEADER SECTION ;; id = 13076 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. KKL2FlyuwUcYVrxlY1uYxwDMnat0nGnRAkiFgKauwB4vZnNhxqIjOSIox3viP9Ih2tBGf/E/fzvG 7yUwD4Nt+Q== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 6044 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. OJgZegIsP4YerrjlHmSd7jIc9I6r4ab65uYj2wuqyQ+PHQOVJIl7C/edz7ssiNWxsXW1UwcMFY4+ bL/0RkYlCA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. JLpxUuWHiDLUuP+MkhVjcroeVIPIOnrz/QEhV4WyH0Z1VEoNoNODLvVbEzFh4w1aHkTPszb0jot9 mS1oyiqH1Q== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. JLpxUuWHiDLUuP+MkhVjcroeVIPIOnrz/QEhV4WyH0Z1VEoNoNODLvVbEzFh4w1aHkTPszb0jot9 mS1oyiqH1Q== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. 6QGD4/d9j2b4N7+aM2RfvvysLd35U0oPq6gSXERK+99WSSr6xvWuOTXIEHfJQ6DSH5pfdmDx0O9f +67J29mwrQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 16074 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. +elxr+LD1cdzFBzRStc5ATdLH3RQIaMG44iXtRwnFfRmQVcMSEFhvW1E9IdZ1a7d3NyqNQzHdJFU 4il3AEZUiA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. arqMFmydSXNDfHrtVd0GDmth3AHeVEllGfu6TLyBZRv1O4scr4/DqrTQu+GusWmN1BCU1DzL7vw3 X10nQ4N2cQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 22186 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. 0KdDq5gvZ/VXUhlLnZE6xyZ2YXA+IJBXEJtSIDOiaiv/4ot12o71U2jaAdJVPUoHNBq6iLOHzdm4 mbG42G8AwA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. BCuoMXrRglvAPwr6gq/UEdN6coQua+XKDLlI4FL7hmb1HJN1mYd/2VjNVqDHplmP8B4t3h4i8neV HIiZrrxjYQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 52203 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. 6PqM6lPLyMelvkCWnZwPX/5eKHkTJeYK/Re3P91OBZJ5wwkDreJAOBG94R0u+isVlb/SDbwUsUCN FlFAIMayQw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. dj5ELAHWlPnQXkKMEoCP5S1YK0aisI0vlPsaD3vE1rml+cYn/6KD4aor5bDBeQvi+n+lcq2XfTWI svQZiLqmFA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. dj5ELAHWlPnQXkKMEoCP5S1YK0aisI0vlPsaD3vE1rml+cYn/6KD4aor5bDBeQvi+n+lcq2XfTWI svQZiLqmFA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. +elxr+LD1cdzFBzRStc5ATdLH3RQIaMG44iXtRwnFfRmQVcMSEFhvW1E9IdZ1a7d3NyqNQzHdJFU 4il3AEZUiA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 5662 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. 8ynSZfBFuNgO73+7t4/CzO/+uHOCdvjCKRTSxn36x8tzDtDpkhjx5EYVScgJJpFa4lHmJcIWTM1z Fwkz6htakA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. w34h9+o6w/Ms/x7eJmfLUbWbHoB9qIyy3SkolXPUghSZLndgdl/Hgi4Gj6tFedYFSRGgdHuUfz6r Stk69VO/Ig== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	c.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 18580 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. iJygQV9i2pjss2QjVeSbZHXnQ7HbC7A4dNnumyJnArxOD+OriE0VKut2v8Q5xwO1FVBJJtI1B7Lq CKzqhyXt9Q== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. ihDxzKid0FyjKlQQ2qJdGYgiRdUuYG+hghlkTwBIJF2mfB0NMBOZAHDEr8MuX6P6ApmHWxNJaKW4 cU+FyjJbLw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 59830 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. FeH9rISu9uVhM3lKmZlSLNzti6svINTqmAbuFbmIRX4Clzkpq29IcvRcj27zFOHT3MlNvn33euaf lWyvGn1lnw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. vNLLzq4fXqWKkGJ6jlGL2Kaped42rbhlGlbCKcEhTg+3mvJhrUFusH3EDvSo5+QxZyDlaPtCSBGE z9TitjH8uw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. vNLLzq4fXqWKkGJ6jlGL2Kaped42rbhlGlbCKcEhTg+3mvJhrUFusH3EDvSo5+QxZyDlaPtCSBGE z9TitjH8uw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. 8ynSZfBFuNgO73+7t4/CzO/+uHOCdvjCKRTSxn36x8tzDtDpkhjx5EYVScgJJpFa4lHmJcIWTM1z Fwkz6htakA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 60594 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. oOsTV21+pBz2nyER9WDvsb239ZSlkxPdBGoP3sSyPyzkj238vpUjXszqjAvtHqKxTPZgb4atU6Ti J0zqWnpIlw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. K+Q6sEFxp+qoBVNKlLFpff01xtBzTQXeac60hSY1eYGtAnlODvyLa0Fc0epDvJRTSqbDOw/PkR2m OIBRiCObcw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	b.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 54087 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. 5/eEWDzJusGbhOUwd27qaz0kE9bT87kfQ0JxF42rBgRMuryqQqE/IdzllhATCZOF1geSdSqtD5Cz thcKCypI4g== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. JO0Sf4KzqArk5zQBJaJUoQME3YP02p01DyN/u9PS4peGZKLrtSIDZM088LJ8/sHIxqt5zlydbcmS Ey3FRKQRGw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 62262 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1766477401 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. /RaUuZfE/06o3dPvBcdbV32F6mFkXiL+gGA1MptECd8SF9E8vFcu6+L8yIFH6AolmkNG3CdZ2jY7 m62gZMGn+g== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. l/vwsgs2ZEhMWkDREM/IiLmi1TBONl0Uzy9rRkrNxLf3+nuwLTlToKYH72ZhHeTltJI8lJ25Kzx6 vpTpj17J1A== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251224091621 20251222071621 35496 gov. l/vwsgs2ZEhMWkDREM/IiLmi1TBONl0Uzy9rRkrNxLf3+nuwLTlToKYH72ZhHeTltJI8lJ25Kzx6 vpTpj17J1A== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251224091621 20251222071621 35496 gov. oOsTV21+pBz2nyER9WDvsb239ZSlkxPdBGoP3sSyPyzkj238vpUjXszqjAvtHqKxTPZgb4atU6Ti J0zqWnpIlw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test CRT2014-2024REVIEW.GOV at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: