DNSSEC Analyzer - CRT2014-2024REVIEW.GOV

Back to Verisign Labs Tools

Domain Name:

Detail: more(+) / less(-)

Time: 2019-04-20 03:06:53 UTC, NTP stratum 4

Analyzing DNSSEC problems for CRT2014-2024REVIEW.GOV

DS=19036/SHA-256 is now in the chain-of-trust

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 )`
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to g.root-servers.net for ./DNSKEY
	Error querying g.root-servers.net/2001:500:12:0:0:0:0:d0d for ./DNSKEY: 'IPv6 transport disabled'
	Received 864 bytes from 192.112.36.4
	;; Answer received from 192.112.36.4 (864 bytes) ;; HEADER SECTION ;; id = 5057 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAeVDC34GZILwsQJy97K2Fst4P3XYZrXLyrkausYzSqEjSUulgh+iLgHg0y7FIF890+sIjXsk 7KLJUmCOWfYWPorNKEOKLk5Zx/4M6D3IHZE3O3m/Eahrc28qQzmTLxiMZAW65MvR2UO3LxVtYOPB EBiDgAQD47x2JLsJYtavCzNL5WiUk59OgvHmDqmcC7VXYBhK8V8Tic089XJgExGeplKWUt9yyc31 ra1swJX51XsOaQz17+vyLVH8AZP26KvKFiZeoRbaq6vl+hc8HQnI2ug5rA2zoz3MsSQBvP1f/Hvq sWxLqwXXKyDD1QM639U+XzVB8CYigyscRP22QCnwKIU= ) ; Key ID = 25266 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20190502000000 20190411000000 20326 . kquHnaziV2mG5TuwV6/NotYIe6Jkf2tLUNkCkR89a97gGLzCVZGtCrq5qLM+pvgru2Jji3h4w7dI h1oalr3fMmrAuX+hcbBYI2H/JzfTCvo1i3gZf/ZYIelFSD19cjgFaGl7sxXcLGuMXQaozHJ4K46l VEClvyy4crkbAuSxA4045om/9eRfxw+C2OMHhrZJIu59m9+oK8kiaxiAq/cufmQI4eCLJtfwVC6X f2H+jkoXQHklFvdrCJvw+WiXQezmN2rGy2ihUda3DBEcTujyhG1a6oqR71EF6dyjhv8Lqn8vFv78 XD54lrf8eCj4RZK69Nl3pQpNdRYFcAXLPr4psg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAeVDC34GZILwsQJy97K2Fst4P3XYZrXLyrkausYzSqEjSUulgh+iLgHg0y7FIF890+sIjXsk 7KLJUmCOWfYWPorNKEOKLk5Zx/4M6D3IHZE3O3m/Eahrc28qQzmTLxiMZAW65MvR2UO3LxVtYOPB EBiDgAQD47x2JLsJYtavCzNL5WiUk59OgvHmDqmcC7VXYBhK8V8Tic089XJgExGeplKWUt9yyc31 ra1swJX51XsOaQz17+vyLVH8AZP26KvKFiZeoRbaq6vl+hc8HQnI2ug5rA2zoz3MsSQBvP1f/Hvq sWxLqwXXKyDD1QM639U+XzVB8CYigyscRP22QCnwKIU= ) ; Key ID = 25266`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	DS=19036/SHA-256 is published, but a corresponding DNSKEY is not
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20190502000000 20190411000000 20326 . kquHnaziV2mG5TuwV6/NotYIe6Jkf2tLUNkCkR89a97gGLzCVZGtCrq5qLM+pvgru2Jji3h4w7dI h1oalr3fMmrAuX+hcbBYI2H/JzfTCvo1i3gZf/ZYIelFSD19cjgFaGl7sxXcLGuMXQaozHJ4K46l VEClvyy4crkbAuSxA4045om/9eRfxw+C2OMHhrZJIu59m9+oK8kiaxiAq/cufmQI4eCLJtfwVC6X f2H+jkoXQHklFvdrCJvw+WiXQezmN2rGy2ihUda3DBEcTujyhG1a6oqR71EF6dyjhv8Lqn8vFv78 XD54lrf8eCj4RZK69Nl3pQpNdRYFcAXLPr4psg== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=25266 is now in the chain-of-trust
	Query to j.root-servers.net for CRT2014-2024REVIEW.GOV/A
	Received 677 bytes from 192.58.128.30
	;; Answer received from 192.58.128.30 (677 bytes) ;; HEADER SECTION ;; id = 14996 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) GOV. 172800 IN NS a.gov-servers.net. GOV. 172800 IN NS b.gov-servers.net. GOV. 172800 IN NS c.gov-servers.net. GOV. 172800 IN NS d.gov-servers.net. GOV. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe GOV. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20190502170000 20190419160000 25266 . JNR110HTPcViZ86tz1CmK3VDl+PYDeeLUuYbewYRH+uzpdEEI7sOoscfZyxYqJeqdhVc22/77fWK Klso1LC2gtXreVX+MMNi9vu4NMeboI5L9VeMc1wN7gjwJpbY4hLbRM2lcwpJjEI57ZjOIxk/WH5e HGF6GKSt3F43iHp5F3jjYLHd4uVZFbnSetTKA86TF8VZB1HLK3lOCCjRUIU1B2mZ60SO3ondbGTU BAxYe4StheLZ21xzAlBt8m6aSWQCg8ia9xoup3woUb8P8DpBbvKAj5/BjVx72r1kTp0/U42JpZpA o7nJJOSrqvjR46Iy8W7K/UvgccuJTyZOCOelIA== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 b.gov-servers.net. 172800 IN A 209.112.123.30 c.gov-servers.net. 172800 IN A 69.36.153.30 d.gov-servers.net. 172800 IN A 81.19.194.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Query to g.root-servers.net for GOV/DNSKEY
	Received 661 bytes from 192.112.36.4
	;; Answer received from 192.112.36.4 (661 bytes) ;; HEADER SECTION ;; id = 36218 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe gov. 86400 IN RRSIG ( DS 8 1 86400 20190502170000 20190419160000 25266 . JNR110HTPcViZ86tz1CmK3VDl+PYDeeLUuYbewYRH+uzpdEEI7sOoscfZyxYqJeqdhVc22/77fWK Klso1LC2gtXreVX+MMNi9vu4NMeboI5L9VeMc1wN7gjwJpbY4hLbRM2lcwpJjEI57ZjOIxk/WH5e HGF6GKSt3F43iHp5F3jjYLHd4uVZFbnSetTKA86TF8VZB1HLK3lOCCjRUIU1B2mZ60SO3ondbGTU BAxYe4StheLZ21xzAlBt8m6aSWQCg8ia9xoup3woUb8P8DpBbvKAj5/BjVx72r1kTp0/U42JpZpA o7nJJOSrqvjR46Iy8W7K/UvgccuJTyZOCOelIA== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 b.gov-servers.net. 172800 IN A 209.112.123.30 c.gov-servers.net. 172800 IN A 69.36.153.30 d.gov-servers.net. 172800 IN A 81.19.194.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to e.root-servers.net for GOV/DS
	Error querying e.root-servers.net/2001:500:a8:0:0:0:0:e for GOV/DS: 'IPv6 transport disabled'
	Received 403 bytes from 192.203.230.10
	;; Answer received from 192.203.230.10 (403 bytes) ;; HEADER SECTION ;; id = 6453 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (3 records) GOV. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe GOV. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20190502170000 20190419160000 25266 . JNR110HTPcViZ86tz1CmK3VDl+PYDeeLUuYbewYRH+uzpdEEI7sOoscfZyxYqJeqdhVc22/77fWK Klso1LC2gtXreVX+MMNi9vu4NMeboI5L9VeMc1wN7gjwJpbY4hLbRM2lcwpJjEI57ZjOIxk/WH5e HGF6GKSt3F43iHp5F3jjYLHd4uVZFbnSetTKA86TF8VZB1HLK3lOCCjRUIU1B2mZ60SO3ondbGTU BAxYe4StheLZ21xzAlBt8m6aSWQCg8ia9xoup3woUb8P8DpBbvKAj5/BjVx72r1kTp0/U42JpZpA o7nJJOSrqvjR46Iy8W7K/UvgccuJTyZOCOelIA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DS records for GOV in the . zone
	DS=7698/SHA-1 has algorithm RSASHA256
	DS=7698/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`GOV. 86400 IN RRSIG ( DS 8 1 86400 20190502170000 20190419160000 25266 . JNR110HTPcViZ86tz1CmK3VDl+PYDeeLUuYbewYRH+uzpdEEI7sOoscfZyxYqJeqdhVc22/77fWK Klso1LC2gtXreVX+MMNi9vu4NMeboI5L9VeMc1wN7gjwJpbY4hLbRM2lcwpJjEI57ZjOIxk/WH5e HGF6GKSt3F43iHp5F3jjYLHd4uVZFbnSetTKA86TF8VZB1HLK3lOCCjRUIU1B2mZ60SO3ondbGTU BAxYe4StheLZ21xzAlBt8m6aSWQCg8ia9xoup3woUb8P8DpBbvKAj5/BjVx72r1kTp0/U42JpZpA o7nJJOSrqvjR46Iy8W7K/UvgccuJTyZOCOelIA== )`
	RRSIG=25266 and DNSKEY=25266 verifies the DS RRset
	DS=7698/SHA-1 is now in the chain-of-trust
	`GOV. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe`
	`GOV. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 )`
	Query to b.gov-servers.net for GOV/DNSKEY
	Error querying b.gov-servers.net/2620:74:27:0:0:0:2:30 for GOV/DNSKEY: 'IPv6 transport disabled'
	Received 889 bytes from 209.112.123.30
	;; Answer received from 209.112.123.30 (889 bytes) ;; HEADER SECTION ;; id = 38 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (4 records) GOV. 86400 IN DNSKEY ( 256 3 8 AQO1oAFyB/QSuf32vdl3Yp+o83rKLBdvjsz13AdVp8EooKwa6DL4D8G+e3PanKAJyWEiRpNQIAl2 Ra6JuC7DCiEPBziclmFygf2XGdY4qirPqVemcHHKNoVIMNUteughuiPaqlFY8gTZajQ02ZizqiYK +LRxpPs/ePcbETPT3oB9Ew== ) ; Key ID = 28157 GOV. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698 GOV. 86400 IN DNSKEY ( 256 3 8 AQPO0gfZTyKZiRSwF/XvW9ta+joX/SlCfvNcTsNT4t5edmGhhiRNf45246Z4L6Cx3n93FPHtW91n F+M1gCPyxewRyAM0/UVrqBwutdPQnR8vsQ/WzdsAk50loby/jGN7UAStU/FzllD2qIq4uJ8HcLZW Qth9JV8vKuqVYXgPfhx5lw== ) ; Key ID = 43583 GOV. 86400 IN RRSIG ( DNSKEY 8 1 86400 20190502214731 20190417214231 7698 gov. ocIs3qBX77aDfCB2wAonk4kOqze7WaOKI/7LzbvuBdk5MVppdtS0gPFNZe8ipffRxym+rApFZHQA 9K/V52gv58SgVLlp0yLuytomPI0/ut/a+ZRzxNOJLue+9OzwKLYskFdMeZ2TaBaocBL2kdy6hZUw zbh8fobHnwCldcCUa6hwYQ3h+zwcIJSNVLYWRDymNcsEXO9cGeNK9A4WWkxS2ZTCZ5DbEWhjz6Sg iEyebGW6VCRKhgRLhEY39YbDtAOHwEAiIyvzYcOHCelHIzFgQjUUH4znPy97mt9BBMsX1lusKrqt 2FzZKzR8RM7k911VKhSs8iLtvc8/u9R00fxIgg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 3 DNSKEY records for GOV
	`GOV. 86400 IN DNSKEY ( 256 3 8 AQO1oAFyB/QSuf32vdl3Yp+o83rKLBdvjsz13AdVp8EooKwa6DL4D8G+e3PanKAJyWEiRpNQIAl2 Ra6JuC7DCiEPBziclmFygf2XGdY4qirPqVemcHHKNoVIMNUteughuiPaqlFY8gTZajQ02ZizqiYK +LRxpPs/ePcbETPT3oB9Ew== ) ; Key ID = 28157`
	`GOV. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698`
	`GOV. 86400 IN DNSKEY ( 256 3 8 AQPO0gfZTyKZiRSwF/XvW9ta+joX/SlCfvNcTsNT4t5edmGhhiRNf45246Z4L6Cx3n93FPHtW91n F+M1gCPyxewRyAM0/UVrqBwutdPQnR8vsQ/WzdsAk50loby/jGN7UAStU/FzllD2qIq4uJ8HcLZW Qth9JV8vKuqVYXgPfhx5lw== ) ; Key ID = 43583`
	DNSKEY=7698/SEP is now in the chain-of-trust
	DS=7698/SHA-1 verifies DNSKEY=7698/SEP
	DS=7698/SHA-256 verifies DNSKEY=7698/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 86400 IN RRSIG ( DNSKEY 8 1 86400 20190502214731 20190417214231 7698 gov. ocIs3qBX77aDfCB2wAonk4kOqze7WaOKI/7LzbvuBdk5MVppdtS0gPFNZe8ipffRxym+rApFZHQA 9K/V52gv58SgVLlp0yLuytomPI0/ut/a+ZRzxNOJLue+9OzwKLYskFdMeZ2TaBaocBL2kdy6hZUw zbh8fobHnwCldcCUa6hwYQ3h+zwcIJSNVLYWRDymNcsEXO9cGeNK9A4WWkxS2ZTCZ5DbEWhjz6Sg iEyebGW6VCRKhgRLhEY39YbDtAOHwEAiIyvzYcOHCelHIzFgQjUUH4znPy97mt9BBMsX1lusKrqt 2FzZKzR8RM7k911VKhSs8iLtvc8/u9R00fxIgg== )`
	RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
	DNSKEY=28157 is now in the chain-of-trust
	DNSKEY=43583 is now in the chain-of-trust
	Query to a.gov-servers.net for CRT2014-2024REVIEW.GOV/A
	Received 438 bytes from 69.36.157.30
	;; Answer received from 69.36.157.30 (438 bytes) ;; HEADER SECTION ;; id = 9317 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 5 arcount = 5 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (5 records) CRT2014-2024REVIEW.GOV. 86400 IN NS ns1.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN NS ns2.bpa.GOV. CRT2014-2024REVIEW.GOV. 3600 IN DS ( 13106 8 2 2045dd42254ed1156f5d0cfeb0780625f1433b082d5c5820798e7636b8683e7c ) CRT2014-2024REVIEW.GOV. 3600 IN DS ( 52270 8 2 76c0b3ec22db21c853cda48311441e3929ba4df2b8bd0b1cb589086b51fd7482 ) CRT2014-2024REVIEW.GOV. 3600 IN RRSIG ( DS 8 2 3600 20190426221007 20190419221007 43583 gov. jp1eksd1z4aYKsMP6sw9jMdJv4UIgpan98cu0jjQlxGKF1rrz8bikIXi6FBC3JalC/7e8kBX+H4a JLRWFIRrnm1aEd2wZm3FVC/KP7EvthXJ0SagCIVBPieHcsb0B1Aw+q6ggjua5JDsOwoUSCGGADhJ x/YBfSjXHcLHJKgmyrU= ) ;; ADDITIONAL SECTION (5 records) ns1.bpa.GOV. 86400 IN A 170.160.36.10 ns1.bpa.GOV. 86400 IN AAAA 2620:137:401a:10db::10 ns2.bpa.GOV. 86400 IN A 170.160.100.10 ns2.bpa.GOV. 86400 IN AAAA 2620:137:401b:10db::10 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to c.gov-servers.net for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 438 bytes from 69.36.153.30
	;; Answer received from 69.36.153.30 (438 bytes) ;; HEADER SECTION ;; id = 55425 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 5 arcount = 5 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (5 records) CRT2014-2024REVIEW.GOV. 86400 IN NS ns1.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN NS ns2.bpa.GOV. CRT2014-2024REVIEW.GOV. 3600 IN DS ( 13106 8 2 2045dd42254ed1156f5d0cfeb0780625f1433b082d5c5820798e7636b8683e7c ) CRT2014-2024REVIEW.GOV. 3600 IN DS ( 52270 8 2 76c0b3ec22db21c853cda48311441e3929ba4df2b8bd0b1cb589086b51fd7482 ) CRT2014-2024REVIEW.GOV. 3600 IN RRSIG ( DS 8 2 3600 20190426221007 20190419221007 43583 gov. jp1eksd1z4aYKsMP6sw9jMdJv4UIgpan98cu0jjQlxGKF1rrz8bikIXi6FBC3JalC/7e8kBX+H4a JLRWFIRrnm1aEd2wZm3FVC/KP7EvthXJ0SagCIVBPieHcsb0B1Aw+q6ggjua5JDsOwoUSCGGADhJ x/YBfSjXHcLHJKgmyrU= ) ;; ADDITIONAL SECTION (5 records) ns1.bpa.GOV. 86400 IN A 170.160.36.10 ns2.bpa.GOV. 86400 IN A 170.160.100.10 ns1.bpa.GOV. 86400 IN AAAA 2620:137:401a:10db::10 ns2.bpa.GOV. 86400 IN AAAA 2620:137:401b:10db::10 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Found child zone CRT2014-2024REVIEW.GOV

CRT2014-2024REVIEW.GOV

	Checking DS between GOV and CRT2014-2024REVIEW.GOV
	Query to c.gov-servers.net for CRT2014-2024REVIEW.GOV/DS
	Received 310 bytes from 69.36.153.30
	;; Answer received from 69.36.153.30 (310 bytes) ;; HEADER SECTION ;; id = 49930 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DS ;; ANSWER SECTION (3 records) CRT2014-2024REVIEW.GOV. 3600 IN DS ( 13106 8 2 2045dd42254ed1156f5d0cfeb0780625f1433b082d5c5820798e7636b8683e7c ) CRT2014-2024REVIEW.GOV. 3600 IN DS ( 52270 8 2 76c0b3ec22db21c853cda48311441e3929ba4df2b8bd0b1cb589086b51fd7482 ) CRT2014-2024REVIEW.GOV. 3600 IN RRSIG ( DS 8 2 3600 20190426221007 20190419221007 43583 gov. jp1eksd1z4aYKsMP6sw9jMdJv4UIgpan98cu0jjQlxGKF1rrz8bikIXi6FBC3JalC/7e8kBX+H4a JLRWFIRrnm1aEd2wZm3FVC/KP7EvthXJ0SagCIVBPieHcsb0B1Aw+q6ggjua5JDsOwoUSCGGADhJ x/YBfSjXHcLHJKgmyrU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Found 2 DS records for CRT2014-2024REVIEW.GOV in the GOV zone
	DS=13106/SHA-256 has algorithm RSASHA256
	DS=52270/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`CRT2014-2024REVIEW.GOV. 3600 IN RRSIG ( DS 8 2 3600 20190426221007 20190419221007 43583 gov. jp1eksd1z4aYKsMP6sw9jMdJv4UIgpan98cu0jjQlxGKF1rrz8bikIXi6FBC3JalC/7e8kBX+H4a JLRWFIRrnm1aEd2wZm3FVC/KP7EvthXJ0SagCIVBPieHcsb0B1Aw+q6ggjua5JDsOwoUSCGGADhJ x/YBfSjXHcLHJKgmyrU= )`
	RRSIG=43583 and DNSKEY=43583 verifies the DS RRset
	DS=13106/SHA-256 is now in the chain-of-trust
	DS=52270/SHA-256 is now in the chain-of-trust
	`CRT2014-2024REVIEW.GOV. 3600 IN DS ( 13106 8 2 2045dd42254ed1156f5d0cfeb0780625f1433b082d5c5820798e7636b8683e7c )`
	`CRT2014-2024REVIEW.GOV. 3600 IN DS ( 52270 8 2 76c0b3ec22db21c853cda48311441e3929ba4df2b8bd0b1cb589086b51fd7482 )`
	Query to ns2.bpa.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 2395 bytes from 170.160.100.10
	;; Answer received from 170.160.100.10 (2395 bytes) ;; HEADER SECTION ;; id = 14088 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 8 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (8 records) CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 256 3 8 AwEAAcAPqZ+gpfbQx8+VLq+N+viwCRhn465hzThiu+g3DsYG9Nqi4qp8Gwgfhs1+hdqJkTfczexX 6mxRUwCtIFo4HZjVenRhAzTkpFr3LdLgLTRSF0rQBPRoYG8/q/xDhtdQ01aQdEeFNneBsms9964p pQkNLHTlTDk1dSrKD1sXxMvcXcCKnaRRaWPnSkTJJ/IT+wp3fUPNRIK5RVsHWAAhDoioe6xM1nsD 0rkptmb4kfqZm1BAwxbxhl526amJXaDQJU5jIRbtMltfae2QhYKX9ZTXSL+4Dw62z/Ry3FDVONmh 5RYKD0av3JsGiYSxPefCLC/xqeGfwT4QZMvP8TcOtGk= ) ; Key ID = 23923 CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 256 3 8 AwEAAbk1AjKwxewB5lpItc6fazdkSkqRVu9GzK20gTW3LLKyxB51+egrMxf8CxY5mY4rdnzaQJlg rm/GoAhQd57BAZ/SGHZa/LpFreycjGvNZOHxyIun2dxLEOXgjQ35B4W7ubAFM419io/UoK6+H7Cf UNjh25uOFxGBQ2Jd8JKkAvxwh8PG78wnPpXnhykr/3QJPby9LeYlpyTuly+CL63ZwodIwwU0Akar Aj/Z4yzUE5InpGk90Ls2Y8NK5Upq1+PUFpAsKKQU4Xm6rAbjecAMT24c7aJSRg+FIfBLSpBfh+dM uCvarb3hwhsu4NgjHkvlQo3VmomP4xdErEMR/Hc8/9U= ) ; Key ID = 9084 CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 257 3 8 AwEAAbPDDTgtl4Q/phNfTJcF6LukCTbzxCUVw8EntVkhtKVHzgMTxzk/+SlsYF2wWEpudsN76HiP WvIUtAjLw/UyCw6k7V/7yVVKDZ2KrejUiEdMLydir+9XzwYIjAWFRAI5PGzOKgBZnnRbyTV53kD3 PTCkBFHPn+bdBNigSEn0aIToiA5OoabPbI0/qwv9IsQwbaOP5+Xdp0YalTqmugbcJB+zdDKgDQK/ +d0Twg1K4/mtDLaekxlwuJWai0e9XceuywZRrtOfE5zrYeP6ym2l+clzEeSBAocwHvKOZIRvaM1h G525+9Aob/3isIMY5g0JdeO49aQY9wx62l+TBS32f7E= ) ; Key ID = 52270 CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 257 3 8 AwEAAfP6qVcM0e2J4u7XsFcyJiMruL/XOLuFtq1UpklmBWDa+DCN8V0sYT2hDI4zDb2xvcm0bs4V HasncJUvH4+DNr6Ty/4upTNQfj+wiPLAkYevZHAFhF8oV2UbQLkLJ9ncxqqWx8tomwwDI1Sx+Ujs 4vUAZCvzs9P51ZwORXKAt3DauJ5zgscxQUX/lKDKshJWEB72hzKyFNmxYfC807OYwLcZxMCo1/zI 5IWuVUkySF1x3BkCycai4fMa7l4RXklydQpNYK9bqzfOvI20h+9JfCP59IWp9D4/aMDq8yht9+Ua mvkuwuokj8KYv6C6Pr7pbeW05ec7mEZcSdIu4K5f1hM= ) ; Key ID = 13106 CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 52270 crt2014-2024review.gov. jBPKDAB/axKPnuhDSy8OLhMnzy8Amv7QIerAieDk7mAn6g1dARYsOz4p5/CSRTmpbPGIZINk/UGW dmyIVRyq8m1q7rFj1Pbgt3uAiz6Gsngtd6753XiYoq2hqTLlUulten0kN0zOvBYhzYmdnls4TDVw sddJ7dmFZK+naOdCMN4uZrMBCxmxdXdhH8Bs5EwX9cieNLCPg5ZTmqb8ADE3CO5YdKc2aw2ogL2P GmAKhN0EYFiuaIWhvbQ7hDzYGG7vRdxaFnLJQhSD/QPOP7HRvCF9FKD1VeZpi6LtGIy0bSX21Kk/ 1/bMfv4HKedo29sxL0FvUoG4Yn83+6aieKZupA== ) CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 13106 crt2014-2024review.gov. HY29XqOEK/w+OLMiBe7ETRJDbneaHnIJgKglZiBxvNGfncZ+V28b88aaqgM1DwOYgRtR9v3XjfOd vu3Xjl8Cil0GoiK7Bw3Y4QTgv4i8cK/P0YpZLLrEkkVjMCsNHwkBgac4HKz7VDBjxnc3KT9RtYZK NEaWY3yOHxgk2MpwAEesxleWo5j+Pb7LfsrIf+MSiBQQmKQp2cLiwP7PhWNAqvyVGP6ZDn5bHkDL lno812hx846oVe0QZSHc+jdmCAeG64zhxvnDdstBeDogSmMc8OJpnxzSYoYPOduGATkGXtKC5MmT SoINU3u6zU/zBfxMLEZ/tTbHMvil8cE8zPqokA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 4 DNSKEY records for CRT2014-2024REVIEW.GOV
	`CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 256 3 8 AwEAAcAPqZ+gpfbQx8+VLq+N+viwCRhn465hzThiu+g3DsYG9Nqi4qp8Gwgfhs1+hdqJkTfczexX 6mxRUwCtIFo4HZjVenRhAzTkpFr3LdLgLTRSF0rQBPRoYG8/q/xDhtdQ01aQdEeFNneBsms9964p pQkNLHTlTDk1dSrKD1sXxMvcXcCKnaRRaWPnSkTJJ/IT+wp3fUPNRIK5RVsHWAAhDoioe6xM1nsD 0rkptmb4kfqZm1BAwxbxhl526amJXaDQJU5jIRbtMltfae2QhYKX9ZTXSL+4Dw62z/Ry3FDVONmh 5RYKD0av3JsGiYSxPefCLC/xqeGfwT4QZMvP8TcOtGk= ) ; Key ID = 23923`
	`CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 256 3 8 AwEAAbk1AjKwxewB5lpItc6fazdkSkqRVu9GzK20gTW3LLKyxB51+egrMxf8CxY5mY4rdnzaQJlg rm/GoAhQd57BAZ/SGHZa/LpFreycjGvNZOHxyIun2dxLEOXgjQ35B4W7ubAFM419io/UoK6+H7Cf UNjh25uOFxGBQ2Jd8JKkAvxwh8PG78wnPpXnhykr/3QJPby9LeYlpyTuly+CL63ZwodIwwU0Akar Aj/Z4yzUE5InpGk90Ls2Y8NK5Upq1+PUFpAsKKQU4Xm6rAbjecAMT24c7aJSRg+FIfBLSpBfh+dM uCvarb3hwhsu4NgjHkvlQo3VmomP4xdErEMR/Hc8/9U= ) ; Key ID = 9084`
	`CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 257 3 8 AwEAAbPDDTgtl4Q/phNfTJcF6LukCTbzxCUVw8EntVkhtKVHzgMTxzk/+SlsYF2wWEpudsN76HiP WvIUtAjLw/UyCw6k7V/7yVVKDZ2KrejUiEdMLydir+9XzwYIjAWFRAI5PGzOKgBZnnRbyTV53kD3 PTCkBFHPn+bdBNigSEn0aIToiA5OoabPbI0/qwv9IsQwbaOP5+Xdp0YalTqmugbcJB+zdDKgDQK/ +d0Twg1K4/mtDLaekxlwuJWai0e9XceuywZRrtOfE5zrYeP6ym2l+clzEeSBAocwHvKOZIRvaM1h G525+9Aob/3isIMY5g0JdeO49aQY9wx62l+TBS32f7E= ) ; Key ID = 52270`
	`CRT2014-2024REVIEW.GOV. 86400 IN DNSKEY ( 257 3 8 AwEAAfP6qVcM0e2J4u7XsFcyJiMruL/XOLuFtq1UpklmBWDa+DCN8V0sYT2hDI4zDb2xvcm0bs4V HasncJUvH4+DNr6Ty/4upTNQfj+wiPLAkYevZHAFhF8oV2UbQLkLJ9ncxqqWx8tomwwDI1Sx+Ujs 4vUAZCvzs9P51ZwORXKAt3DauJ5zgscxQUX/lKDKshJWEB72hzKyFNmxYfC807OYwLcZxMCo1/zI 5IWuVUkySF1x3BkCycai4fMa7l4RXklydQpNYK9bqzfOvI20h+9JfCP59IWp9D4/aMDq8yht9+Ua mvkuwuokj8KYv6C6Pr7pbeW05ec7mEZcSdIu4K5f1hM= ) ; Key ID = 13106`
	DNSKEY=52270/SEP is now in the chain-of-trust
	DS=52270/SHA-256 verifies DNSKEY=52270/SEP
	DNSKEY=13106/SEP is now in the chain-of-trust
	DS=13106/SHA-256 verifies DNSKEY=13106/SEP
	Found 4 RRSIGs over DNSKEY RRset
	`CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== )`
	`CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== )`
	`CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 52270 crt2014-2024review.gov. jBPKDAB/axKPnuhDSy8OLhMnzy8Amv7QIerAieDk7mAn6g1dARYsOz4p5/CSRTmpbPGIZINk/UGW dmyIVRyq8m1q7rFj1Pbgt3uAiz6Gsngtd6753XiYoq2hqTLlUulten0kN0zOvBYhzYmdnls4TDVw sddJ7dmFZK+naOdCMN4uZrMBCxmxdXdhH8Bs5EwX9cieNLCPg5ZTmqb8ADE3CO5YdKc2aw2ogL2P GmAKhN0EYFiuaIWhvbQ7hDzYGG7vRdxaFnLJQhSD/QPOP7HRvCF9FKD1VeZpi6LtGIy0bSX21Kk/ 1/bMfv4HKedo29sxL0FvUoG4Yn83+6aieKZupA== )`
	`CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( DNSKEY 8 2 86400 20190426104453 20190419104453 13106 crt2014-2024review.gov. HY29XqOEK/w+OLMiBe7ETRJDbneaHnIJgKglZiBxvNGfncZ+V28b88aaqgM1DwOYgRtR9v3XjfOd vu3Xjl8Cil0GoiK7Bw3Y4QTgv4i8cK/P0YpZLLrEkkVjMCsNHwkBgac4HKz7VDBjxnc3KT9RtYZK NEaWY3yOHxgk2MpwAEesxleWo5j+Pb7LfsrIf+MSiBQQmKQp2cLiwP7PhWNAqvyVGP6ZDn5bHkDL lno812hx846oVe0QZSHc+jdmCAeG64zhxvnDdstBeDogSmMc8OJpnxzSYoYPOduGATkGXtKC5MmT SoINU3u6zU/zBfxMLEZ/tTbHMvil8cE8zPqokA== )`
	RRSIG=23923 and DNSKEY=23923 does not verify the DNSKEY RRset (signature verification failed)
	RRSIG=9084 and DNSKEY=9084 does not verify the DNSKEY RRset (signature verification failed)
	RRSIG=52270 and DNSKEY=52270/SEP verifies the DNSKEY RRset
	RRSIG=13106 and DNSKEY=13106/SEP verifies the DNSKEY RRset
	DNSKEY=23923 is now in the chain-of-trust
	DNSKEY=9084 is now in the chain-of-trust
	Query to ns2.bpa.GOV for CRT2014-2024REVIEW.GOV/A
	Received 1347 bytes from 170.160.100.10
	;; Answer received from 170.160.100.10 (1347 bytes) ;; HEADER SECTION ;; id = 5144 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (3 records) CRT2014-2024REVIEW.GOV. 1800 IN A 170.160.42.18 CRT2014-2024REVIEW.GOV. 1800 IN RRSIG ( A 8 2 1800 20190425112211 20190418112211 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 1800 IN RRSIG ( A 8 2 1800 20190426093551 20190419093551 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; AUTHORITY SECTION (4 records) CRT2014-2024REVIEW.GOV. 86400 IN NS ns1.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN NS ns2.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190425112211 20190418112211 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190426093551 20190419093551 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	CRT2014-2024REVIEW.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Found RRSIG signed by crt2014-2024review.gov zone
	Query to ns2.bpa.GOV for CRT2014-2024REVIEW.GOV/SOA
	Received 1378 bytes from 170.160.100.10
	;; Answer received from 170.160.100.10 (1378 bytes) ;; HEADER SECTION ;; id = 36636 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN SOA ;; ANSWER SECTION (3 records) CRT2014-2024REVIEW.GOV. 43200 IN SOA ( ns1.bpa.GOV. hostmaster.bpa.GOV. 2018092102 ;serial 43200 ;refresh 3600 ;retry 1209600 ;expire 3600 ;minimum ) CRT2014-2024REVIEW.GOV. 43200 IN RRSIG ( SOA 8 2 43200 20190427030654 20190420030654 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 43200 IN RRSIG ( SOA 8 2 43200 20190427030654 20190420030654 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; AUTHORITY SECTION (4 records) CRT2014-2024REVIEW.GOV. 86400 IN NS ns2.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN NS ns1.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190425103200 20190418103200 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190426085423 20190419085423 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to ns1.bpa.GOV for CRT2014-2024REVIEW.GOV/SOA
	Received 1378 bytes from 170.160.36.10
	;; Answer received from 170.160.36.10 (1378 bytes) ;; HEADER SECTION ;; id = 34461 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN SOA ;; ANSWER SECTION (3 records) CRT2014-2024REVIEW.GOV. 43200 IN SOA ( ns1.bpa.GOV. hostmaster.bpa.GOV. 2018092102 ;serial 43200 ;refresh 3600 ;retry 1209600 ;expire 3600 ;minimum ) CRT2014-2024REVIEW.GOV. 43200 IN RRSIG ( SOA 8 2 43200 20190425033650 20190418033650 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 43200 IN RRSIG ( SOA 8 2 43200 20190427030654 20190420030654 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; AUTHORITY SECTION (4 records) CRT2014-2024REVIEW.GOV. 86400 IN NS ns1.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN NS ns2.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190424071615 20190417071615 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190426093545 20190419093545 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to ns2.bpa.GOV for CRT2014-2024REVIEW.GOV/A
	Error querying ns2.bpa.GOV/2620:137:401b:10db:0:0:0:10 for CRT2014-2024REVIEW.GOV/A: 'IPv6 transport disabled'
	Received 1347 bytes from 170.160.100.10
	;; Answer received from 170.160.100.10 (1347 bytes) ;; HEADER SECTION ;; id = 25547 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (3 records) CRT2014-2024REVIEW.GOV. 1800 IN A 170.160.42.18 CRT2014-2024REVIEW.GOV. 1800 IN RRSIG ( A 8 2 1800 20190425112211 20190418112211 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 1800 IN RRSIG ( A 8 2 1800 20190426093551 20190419093551 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; AUTHORITY SECTION (4 records) CRT2014-2024REVIEW.GOV. 86400 IN NS ns2.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN NS ns1.bpa.GOV. CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190425112211 20190418112211 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) CRT2014-2024REVIEW.GOV. 86400 IN RRSIG ( NS 8 2 86400 20190426093551 20190419093551 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	CRT2014-2024REVIEW.GOV A RR has value 170.160.42.18
	Found 2 RRSIGs over A RRset
	`CRT2014-2024REVIEW.GOV. 1800 IN RRSIG ( A 8 2 1800 20190425112211 20190418112211 23923 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== )`
	`CRT2014-2024REVIEW.GOV. 1800 IN RRSIG ( A 8 2 1800 20190426093551 20190419093551 9084 crt2014-2024review.gov. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== )`
	RRSIG=23923 and DNSKEY=23923 does not verify the A RRset (signature verification failed)
	RRSIG=9084 and DNSKEY=9084 does not verify the A RRset (signature verification failed)
	None of the 2 RRSIG and 4 DNSKEY records validate the A RRset
	The A RRset was not signed by any keys in the chain-of-trust

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test CRT2014-2024REVIEW.GOV at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: