DNSSEC Debugger - CRT2014-2024REVIEW.GOV

Domain Name:

Time: 2026-03-24 01:57:32 UTC

Analyzing DNSSEC problems for CRT2014-2024REVIEW.GOV

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to f.root-servers.net for ./DNSKEY
	Received 1414 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 1414 octets ;; HEADER SECTION ;; id = 19637 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 65535, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (5 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831 . 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20260412000000 20260322000000 20326 . YJgCBpeAL7jQEYIpS6icQm/XxIy+DU5PNrAT61ive9t9bpx8YsZgKf13hlkg48EvTMjINiG0r8PJ j1SiVDpZizGDdz+7+ipByzsLS7qHj6DviI4GYErjVnXZs3LESvZE/LhSFxyafLjNs9M9elLqEY10 fB4e+L3dDwu0hFR/fTOcYq4euNXE9X46/PANxFWple8XU1L53cnxD0VtQvlkG12thsIKmvMAJ0PH CoWuuYVGS/OSbDxsAHqHEBfqDLD3qjOp5mXA7wguiePv/lPBF963xkfWwpkdFVa/LxlUFu2P/q9G 9lDQ/XvTqfghEQU4v8NBbmrA10HTVs6pVNiGLw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20260412000000 20260322000000 20326 . YJgCBpeAL7jQEYIpS6icQm/XxIy+DU5PNrAT61ive9t9bpx8YsZgKf13hlkg48EvTMjINiG0r8PJ j1SiVDpZizGDdz+7+ipByzsLS7qHj6DviI4GYErjVnXZs3LESvZE/LhSFxyafLjNs9M9elLqEY10 fB4e+L3dDwu0hFR/fTOcYq4euNXE9X46/PANxFWple8XU1L53cnxD0VtQvlkG12thsIKmvMAJ0PH CoWuuYVGS/OSbDxsAHqHEBfqDLD3qjOp5mXA7wguiePv/lPBF963xkfWwpkdFVa/LxlUFu2P/q9G 9lDQ/XvTqfghEQU4v8NBbmrA10HTVs6pVNiGLw== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=21831 is now in the chain-of-trust
	DNSKEY=54393 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to k.root-servers.net for CRT2014-2024REVIEW.GOV/A
	Received 629 bytes from 193.0.14.129
	;; Response received from [193.0.14.129] 629 octets ;; HEADER SECTION ;; id = 54831 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20260405200000 20260323190000 21831 . RV8YQnGII+U9C4Tr0phbrDTOWuNT0ZwXHrsg3uEmNN8R9eHvoqMfYeau49jjH/038TBYf4yXkqcQ JB4vqdCdzxl+8kfY7P+LqeBrg15N5VMF1JU7apk/adMRRdrWTtYCgWeJ5kKd3a0anbUg1fFRCt5x 0aaSqIHYLn/2B8FmnxfH6eJfDw+P5xc3s/+P5S9k7iSuITJnjt7LraCvG3GLKrCO7nr1Tn8SIaH/ +PC9tPQ5+/FH2eF5+1NCWSMc6eH76s1JDIQQP7xBR2PTWIAWS1xvaP9B715uawI8JW0XUfhPi1FI maLMYnrxWSdRPFP5dvo8WkvZxvZzCgrAGtxiJg== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN A 199.33.231.1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN A 199.33.232.1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN A 199.33.233.1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to b.root-servers.net for GOV/DNSKEY
	Received 610 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 610 octets ;; HEADER SECTION ;; id = 23229 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20260405200000 20260323190000 21831 . RV8YQnGII+U9C4Tr0phbrDTOWuNT0ZwXHrsg3uEmNN8R9eHvoqMfYeau49jjH/038TBYf4yXkqcQ JB4vqdCdzxl+8kfY7P+LqeBrg15N5VMF1JU7apk/adMRRdrWTtYCgWeJ5kKd3a0anbUg1fFRCt5x 0aaSqIHYLn/2B8FmnxfH6eJfDw+P5xc3s/+P5S9k7iSuITJnjt7LraCvG3GLKrCO7nr1Tn8SIaH/ +PC9tPQ5+/FH2eF5+1NCWSMc6eH76s1JDIQQP7xBR2PTWIAWS1xvaP9B715uawI8JW0XUfhPi1FI maLMYnrxWSdRPFP5dvo8WkvZxvZzCgrAGtxiJg== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN A 199.33.231.1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN A 199.33.232.1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN A 199.33.233.1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to k.root-servers.net for GOV/DS
	Received 367 bytes from 193.0.14.129
	;; Response received from [193.0.14.129] 367 octets ;; HEADER SECTION ;; id = 42776 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (2 records) GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20260405200000 20260323190000 21831 . RV8YQnGII+U9C4Tr0phbrDTOWuNT0ZwXHrsg3uEmNN8R9eHvoqMfYeau49jjH/038TBYf4yXkqcQ JB4vqdCdzxl+8kfY7P+LqeBrg15N5VMF1JU7apk/adMRRdrWTtYCgWeJ5kKd3a0anbUg1fFRCt5x 0aaSqIHYLn/2B8FmnxfH6eJfDw+P5xc3s/+P5S9k7iSuITJnjt7LraCvG3GLKrCO7nr1Tn8SIaH/ +PC9tPQ5+/FH2eF5+1NCWSMc6eH76s1JDIQQP7xBR2PTWIAWS1xvaP9B715uawI8JW0XUfhPi1FI maLMYnrxWSdRPFP5dvo8WkvZxvZzCgrAGtxiJg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for GOV in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`GOV. 86400 IN RRSIG ( DS 8 1 86400 20260405200000 20260323190000 21831 . RV8YQnGII+U9C4Tr0phbrDTOWuNT0ZwXHrsg3uEmNN8R9eHvoqMfYeau49jjH/038TBYf4yXkqcQ JB4vqdCdzxl+8kfY7P+LqeBrg15N5VMF1JU7apk/adMRRdrWTtYCgWeJ5kKd3a0anbUg1fFRCt5x 0aaSqIHYLn/2B8FmnxfH6eJfDw+P5xc3s/+P5S9k7iSuITJnjt7LraCvG3GLKrCO7nr1Tn8SIaH/ +PC9tPQ5+/FH2eF5+1NCWSMc6eH76s1JDIQQP7xBR2PTWIAWS1xvaP9B715uawI8JW0XUfhPi1FI maLMYnrxWSdRPFP5dvo8WkvZxvZzCgrAGtxiJg== )`
	RRSIG=21831 and DNSKEY=21831 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to d.ns.GOV for GOV/DNSKEY
	Received 291 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 291 octets ;; HEADER SECTION ;; id = 4938 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (3 records) GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260512110627 20260312110627 2536 gov. Jp4xQtETAEvQ+3ijB95XRnj4yfrDt223TA90BAOvhR7hqWuK/FuykufDJxatoRQyDYeBGksCrHGt XkE32T4wTg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for GOV
	`GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260512110627 20260312110627 2536 gov. Jp4xQtETAEvQ+3ijB95XRnj4yfrDt223TA90BAOvhR7hqWuK/FuykufDJxatoRQyDYeBGksCrHGt XkE32T4wTg== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 47325 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. OEgdZfTeTnRDUMT1X2MNDc49BaEFpyP63mHeTs/9cqDsid6JeBXWRvCJMddXKdddpFIDJg4k6Slx qwo5zJd6dA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. ikS+C+MtH8eXoq6JBuh6U3HkFXORPeImkh2t63BHz7t3NKAsILq3T4gv+zt9prA0EpUBSD9UTy6Q fk98wrM9yQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	c.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 27191 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. gwE4rsUKJwfSrbQEith4rkOqFLajiTCJF6/zZWRWsXLtykvgS7zjlkzsMqKlsCwJYJTzgFwt7LNB 9EHP6EBnuQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. vZtvxkh48wFlKtShe7WZpMKhqcFLNqpWbPiTjmn9Kjusr6Fb2rcK/KgWdkuP/ta5Mke0LZ1cpc4H bW9gmEAzWg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 190 octets ;; HEADER SECTION ;; id = 65493 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. RdZxyO0/P3ltI3oMPXH8oLhd7hrdqSgbkl7gX/GOI8VZ/t5JsV5ppl3IlkNjXHrCmjH3u3Bdvw4d dqlUSX88cQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to b.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 190 octets ;; HEADER SECTION ;; id = 20328 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. VZnc5l30F6EtyBiiFcJbO/5OCmRrqOojuB609fWA8rpv/EUDyIy65VBxYGPANtD9eR3E4ENXzY/h WCD86X4i9g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to d.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 190 octets ;; HEADER SECTION ;; id = 34723 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. EMhIX569kaEPdtmVUr+WNLvpeyMf9nkxY6Ljh9emhTtm9+QD8aatMJ/jxNjq7TA4HLdJOc0Gwyxx 09H2hQ1mKg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 7382 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. ahjO7S5T1OABPZFSUhqazjC4gyaRkvSeHGhUtSpbicDjFGpLOEeoRRIrR0N19C663ny7VY7HBA2U 8/a0Ygh+Hw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. EVg4a+GDBymuRbYzISZjGslrPbsbA24djiuR0pZ2ZWP4ncsv/uBVBfG3VdJHWYGWtzqNdmDCeCXh Kii+CtNzTA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. EVg4a+GDBymuRbYzISZjGslrPbsbA24djiuR0pZ2ZWP4ncsv/uBVBfG3VdJHWYGWtzqNdmDCeCXh Kii+CtNzTA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. OEgdZfTeTnRDUMT1X2MNDc49BaEFpyP63mHeTs/9cqDsid6JeBXWRvCJMddXKdddpFIDJg4k6Slx qwo5zJd6dA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 16884 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. grPN89J1pp4GF3gNO2cIlg1g0ltfLY07V66Xmk/4H08CtHiJeOwLcfjNBBbXpZqUqarZzl0IC2uN oOYeEQ1vFg== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. gdnhuXxoxw9YHpS+22T/AkledkxTLBhB8JOR1KO+sKzrLUt1mJG0TAERPN+KIFATYxiGanJZCKku SYSFQcyBaw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	b.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 11466 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. 8OE6H4kDcs+WNUjpoONGBSHYy0xkFWdKnKODlTueFR//mMqIoFOOdDs6Hc3OjchiXPY0xfwmpy6b Xf5Zf0XtZw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. WsAqHGvgLx3BIusqHO9/ve6ufwC/8hWRoasodQRkSPfqjoOwvTHiDp/7yype+rcIhbMp5Gxo1ZmC /8wEZyUqUw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 3350 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. 4JuxCdhLXn1uCL/LveQSRZ280e8car9H4drSSNYpnH8gfdEb/dHhjThYlei2er5TvGEunkWIhHcR dn4f3Cwlsw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. 2JBiAo0riWH3r/RVnbDW7NdJcCxIKyLvgIFvyVvi0WsATO/otV1jpUcKNMrwsm553Ru/oQn8aQfS Tt6V/x5jVg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. 2JBiAo0riWH3r/RVnbDW7NdJcCxIKyLvgIFvyVvi0WsATO/otV1jpUcKNMrwsm553Ru/oQn8aQfS Tt6V/x5jVg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. grPN89J1pp4GF3gNO2cIlg1g0ltfLY07V66Xmk/4H08CtHiJeOwLcfjNBBbXpZqUqarZzl0IC2uN oOYeEQ1vFg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 18169 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. 03Oykd6rfTVNkq3w5yof0ESmw2XTlm9i/m4somTKhISTT9EK41miHEagz/JeDxsRdN8lI6tnSynP lGNO09gEMA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. okul4S/PCQH74taj7fUpuDTvctcvtmrCYNyONrHmwGN5Wg+2JEW8Ksoyb4c6/NnHMxKk33DNDXXP Ib0AdS4I5w== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 53821 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. XIJopMt9BPT32Z+P3rGdnEAu91jQe0rGJE+9Fr89JMA+wBOJZYYKURECOZ9Z8dtRSCS0dKYkysAR AmRCnHAQXQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. FBx0antSuyGY3JL9vsn0OKT8T/bTXBrFbayzaLXcfdnyENEblEkdcY2xgAfQdCwjzONB0wwf7cWA GsobA/kbQQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 8853 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. 6aJZ5qcZuf8ApGdDl1pjVDgxp25EslxKe7NQ89RxW78lYiSvReyPUWkDjVcJQ+9VTcyU/HHA/nHY VxK/CxbbSQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. rbE+DW/EN+0Qp9T8uuUvgcgWRoopRRQifVkQZy6Cuba2Zhri1Ng4XYXu573mqx5fS8hcblPdatAb P+V/lnFLBg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. rbE+DW/EN+0Qp9T8uuUvgcgWRoopRRQifVkQZy6Cuba2Zhri1Ng4XYXu573mqx5fS8hcblPdatAb P+V/lnFLBg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. 03Oykd6rfTVNkq3w5yof0ESmw2XTlm9i/m4somTKhISTT9EK41miHEagz/JeDxsRdN8lI6tnSynP lGNO09gEMA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 31483 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. VIcHV7SEd4SSbqAu7zgMzLy6pSDLbvdKfwFqG/twN302eqOEHDaUku8XefPodJu3DUMLZUbyvVig BP4nJyN5yA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. EEj3zZqJEm+sc8IRQ7ejN8KgVSqXaIuox8f/Ev85VFLU8sgoUWiUEomLb+HHA1xf6+LprdQ+eG/x RoFWL7BzEg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	d.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 57338 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. BI8xF0keWPY6JVTuBNVug2sy6rxdFlSI4caZc0VTaEFtXW8D50XVUf0wSOrKuJhWDEsN6By5kQmf rfpWsm+idQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. 1N+odaNMDJ4Bhn5mP9vbzUeIUzfGdtwhkQgt1WlZBTAonjzd9VtnKrwtcz1r6EhjOv4wz/Ta8mlQ Z5TMwRSE5w== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 13752 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1774317016 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. hTWE/ca907buxzO3nk70D0lN6X4ew5tJLWPSB/FiPFVz98V6idd9WMGbwdM84TcQ8qLDxnG/zSW5 8KvrdICkSA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. 6KGXukSvoEvg85eNEJmui3cpoj4csCd5OXQ/VlcV/holHLfr/PFfZpALFkWZbST2ofd1Bz38xdcd a7IY0YBoHQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20260325025732 20260323005732 35496 gov. 6KGXukSvoEvg85eNEJmui3cpoj4csCd5OXQ/VlcV/holHLfr/PFfZpALFkWZbST2ofd1Bz38xdcd a7IY0YBoHQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20260325025732 20260323005732 35496 gov. VIcHV7SEd4SSbqAu7zgMzLy6pSDLbvdKfwFqG/twN302eqOEHDaUku8XefPodJu3DUMLZUbyvVig BP4nJyN5yA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test CRT2014-2024REVIEW.GOV at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: