DNSSEC Debugger - CRT2014-2024REVIEW.GOV

Domain Name:

Time: 2025-10-21 12:39:31 UTC

Analyzing DNSSEC problems for CRT2014-2024REVIEW.GOV

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to h.root-servers.net for ./DNSKEY
	Received 1139 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 1139 octets ;; HEADER SECTION ;; id = 8231 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20251111000000 20251021000000 20326 . qu+HIDWi0ILo1qOR9j+Z8KZsBjm3N+xbTPm0UrqtVgtDmcuA0BF/m4zEQ/Wf32rCnGxW2tlrw0lq Lqpf/+1UtsfFhNCp6c88XVI19sLyeJwgAK0dYjZtSzObkArDsU9YHmKfB8ai18AN4XHD6Op1G5Io RJsNYsAyWg6GOkuaFspxV9L+ddDhjRhCmDKl3vHcRc9PscgwI47Y5hJgucB0uVbK1XbiQmAg8qqB 0YiVdyWknzL3VYkbdpyMYTlBXuLY9cW2bWrclP6nAnLNJ2BuyXBKOKXYvPCLEeu6hkmBJc6twAJK rGtEZaETWnYUFUgUj3bQHKYLgInclkXIEtF7gQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20251111000000 20251021000000 20326 . qu+HIDWi0ILo1qOR9j+Z8KZsBjm3N+xbTPm0UrqtVgtDmcuA0BF/m4zEQ/Wf32rCnGxW2tlrw0lq Lqpf/+1UtsfFhNCp6c88XVI19sLyeJwgAK0dYjZtSzObkArDsU9YHmKfB8ai18AN4XHD6Op1G5Io RJsNYsAyWg6GOkuaFspxV9L+ddDhjRhCmDKl3vHcRc9PscgwI47Y5hJgucB0uVbK1XbiQmAg8qqB 0YiVdyWknzL3VYkbdpyMYTlBXuLY9cW2bWrclP6nAnLNJ2BuyXBKOKXYvPCLEeu6hkmBJc6twAJK rGtEZaETWnYUFUgUj3bQHKYLgInclkXIEtF7gQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=61809 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to h.root-servers.net for CRT2014-2024REVIEW.GOV/A
	Received 629 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 629 octets ;; HEADER SECTION ;; id = 2629 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20251103050000 20251021040000 61809 . CmBYqCHtg8j0reoifgpirEmB8Bz3xgtozi8+EbyBpMgDPuyF+LuMvOVITHEYAmXPSDebc8PQkvod Askv6X93NZbmJNvqnJs5nEwMTUzuBnCTToBMaj2eaJDtcIcNHxxOS07tD64TVMR6Og1bKG0q/V++ Eve5SW2Fe6bBab72OuvsSbXPyRUiN2GKSh3iejYzaxup+Qx1lBikmon9xVwTrE6crKoNebaTSF6Z jNH/QWTnSOibG7JspYt7ir0MIAscSguVr3GsWsHAikpwoMYGokaGMHqDFUl4qJksubmx8pznZskG jXOZq8TAsrh/TixyxfvTGnjIVdhgOVQqGVN1yA== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 b.ns.GOV. 172800 IN A 199.33.231.1 c.ns.GOV. 172800 IN A 199.33.232.1 d.ns.GOV. 172800 IN A 199.33.233.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to d.root-servers.net for GOV/DNSKEY
	Received 610 bytes from 199.7.91.13
	;; Response received from [199.7.91.13] 610 octets ;; HEADER SECTION ;; id = 53317 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1450, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20251103050000 20251021040000 61809 . CmBYqCHtg8j0reoifgpirEmB8Bz3xgtozi8+EbyBpMgDPuyF+LuMvOVITHEYAmXPSDebc8PQkvod Askv6X93NZbmJNvqnJs5nEwMTUzuBnCTToBMaj2eaJDtcIcNHxxOS07tD64TVMR6Og1bKG0q/V++ Eve5SW2Fe6bBab72OuvsSbXPyRUiN2GKSh3iejYzaxup+Qx1lBikmon9xVwTrE6crKoNebaTSF6Z jNH/QWTnSOibG7JspYt7ir0MIAscSguVr3GsWsHAikpwoMYGokaGMHqDFUl4qJksubmx8pznZskG jXOZq8TAsrh/TixyxfvTGnjIVdhgOVQqGVN1yA== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 b.ns.GOV. 172800 IN A 199.33.231.1 c.ns.GOV. 172800 IN A 199.33.232.1 d.ns.GOV. 172800 IN A 199.33.233.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to c.root-servers.net for GOV/DS
	Received 370 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 370 octets ;; HEADER SECTION ;; id = 12960 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251103050000 20251021040000 61809 . CmBYqCHtg8j0reoifgpirEmB8Bz3xgtozi8+EbyBpMgDPuyF+LuMvOVITHEYAmXPSDebc8PQkvod Askv6X93NZbmJNvqnJs5nEwMTUzuBnCTToBMaj2eaJDtcIcNHxxOS07tD64TVMR6Og1bKG0q/V++ Eve5SW2Fe6bBab72OuvsSbXPyRUiN2GKSh3iejYzaxup+Qx1lBikmon9xVwTrE6crKoNebaTSF6Z jNH/QWTnSOibG7JspYt7ir0MIAscSguVr3GsWsHAikpwoMYGokaGMHqDFUl4qJksubmx8pznZskG jXOZq8TAsrh/TixyxfvTGnjIVdhgOVQqGVN1yA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for GOV in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20251103050000 20251021040000 61809 . CmBYqCHtg8j0reoifgpirEmB8Bz3xgtozi8+EbyBpMgDPuyF+LuMvOVITHEYAmXPSDebc8PQkvod Askv6X93NZbmJNvqnJs5nEwMTUzuBnCTToBMaj2eaJDtcIcNHxxOS07tD64TVMR6Og1bKG0q/V++ Eve5SW2Fe6bBab72OuvsSbXPyRUiN2GKSh3iejYzaxup+Qx1lBikmon9xVwTrE6crKoNebaTSF6Z jNH/QWTnSOibG7JspYt7ir0MIAscSguVr3GsWsHAikpwoMYGokaGMHqDFUl4qJksubmx8pznZskG jXOZq8TAsrh/TixyxfvTGnjIVdhgOVQqGVN1yA== )`
	RRSIG=61809 and DNSKEY=61809 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.GOV for GOV/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 29997 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (3 records) GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251219110613 20251019110613 2536 gov. j3FRDkQ+/qhx8n7XWgDk7DC6YuMd0K42x1BaoJP4SEm+WtzI5LbaxO7OS3rDz3G0nG4HtRwBe8wW 1w4LNc5mNA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for GOV
	`GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251219110613 20251019110613 2536 gov. j3FRDkQ+/qhx8n7XWgDk7DC6YuMd0K42x1BaoJP4SEm+WtzI5LbaxO7OS3rDz3G0nG4HtRwBe8wW 1w4LNc5mNA== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 60340 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. YNCSusA4KLA2n9QcsMSq/8OJU0BXmkM8Dvt8gMCDbIycV2SycyWN5wjx551kltOmJ5MwCwp1dyMb POz8O7AAwQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. IsnuSSy1odmk2VbGjtGogpaY508hH3xAoVNoEeBp0W+Mzs8BL2/RnadCtbjVq64YKy0biJgVRX5M OS5mbsQzgw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	b.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 60093 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. pP1B7np7OPtdF10dASbftFA9aJPWkZoDM6rBMSNJ7gdSNH9tf509zA1kKU0wJKMwOkFhNTpMF1h8 RunG4jr4jw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. /M4PzSYuosCrZvHi5KQTKxvLGbIyWXI8/3FOkv7FlCS5mY9mQdPA9PXCdPmiQWeDkJvv6V7DY6ER MurzDlsrww== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 190 octets ;; HEADER SECTION ;; id = 49183 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. 5JEUI/nbDnju6snwywBbdDMGswaJinmx/T6dXbywLpv4+KmP0uttL/ecqUrrz0bwW3dQIYxl1MCu 1l2HYVtxRg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to c.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 190 octets ;; HEADER SECTION ;; id = 9822 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. veG/eaO3KJzmVyEcFIB1/CsbaWADK2qMgKrAvButLzmF8iDWlKStsH3BCHdqrxxPpCtPEUMLlbKx 32JTMwMAow== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to d.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 190 octets ;; HEADER SECTION ;; id = 25861 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. Re4IOURYwULeMyTBpUB62XJhHW+FkFXFNoKMyOGO/5CDUJyOsiwr9ec6/p+3fFFy+ImfRfj44H/9 0g01qULenA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 1224 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. /dDhqANs1IBAFAa/xkhs56Dd+QftTEw2+1mj4ofrgbGiruMSEXYnXHkvhIHsyLLXUcoPqcZ1jmHW ibP8F+A9dA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. tUXBa4lUHxEM79nJKK3bP4VdBAYDN4LUp03a+lBWW/wcsirNZQd03BYGBvYP1qgwiUqWG7SdFVw5 XmlRr3Gk0w== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. tUXBa4lUHxEM79nJKK3bP4VdBAYDN4LUp03a+lBWW/wcsirNZQd03BYGBvYP1qgwiUqWG7SdFVw5 XmlRr3Gk0w== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. YNCSusA4KLA2n9QcsMSq/8OJU0BXmkM8Dvt8gMCDbIycV2SycyWN5wjx551kltOmJ5MwCwp1dyMb POz8O7AAwQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 31111 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. 2EiGMKxzwFpLXVGYqqcSIyMthbokxdBdnHOTmnvoRKtybgvsI8/ZBgn4+WmEF4DBnfoKFnJ1VQCd ZHvmEMGWaQ== ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. 2kYxHT30s8u/bLE7MLMVr1D/VS09pnj7gpGscVP9a9mTY9uZs8UH78r/cGDRkFDELBGfXP1i/Maq BiT4bGH+tg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 28154 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. 1m0lqLOG7JPG74QLYW4YDPs6+/fKEwjuDOFiqwN77dxKc8wFzpykOzsiXavy8aIzAhrEMpGfZzzx Wz+jxxsx/g== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. J5NenQwKqhImdJ94PJFMXOBYKsC3Hp4SG/Ao6cyXgirdBzqArwRqibg6uOy0w752Cv5fmdcheYBX twJFsaY5Bg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 11222 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. LUAURCyFp0qEUAdg7Q+3o5uG1e0DXefgGU/7+ro1tHBLqmVQnbcSE5IIxVPsMjceIRcl/4HUizn+ /DlTFN3P5w== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. j0u4cs6yEUfdM98dDwRk4Cio0t3prbqa5q2t3+x+kxSPkHydLo3PJmmr0LKJTQUND4GXqxkr+liU zsG0/rNRLA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. j0u4cs6yEUfdM98dDwRk4Cio0t3prbqa5q2t3+x+kxSPkHydLo3PJmmr0LKJTQUND4GXqxkr+liU zsG0/rNRLA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. 2kYxHT30s8u/bLE7MLMVr1D/VS09pnj7gpGscVP9a9mTY9uZs8UH78r/cGDRkFDELBGfXP1i/Maq BiT4bGH+tg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 16340 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. jzMV+Lu85Ymxth4sRIU7a7ro5CP0ek/7/t22QTA3Lg2HVKAtDi6ITvU6aZQ6QuGvEAYmNaLAsFLA JHUt44wuKg== ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. reIDbmNj88dKwom+34UZMPy7CzZ1TjSIvEHC+yTRgqMwRWgt+sWXpB5k31xQ89R4nxAFyoY85tZk Jp45BCcfDQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	c.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 50436 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. mJqpCZeNhfZCLl87xUEW/GvyMjH8Sx0s9nZBNE+Q9XKYyZLeiPtXPvn5WRFlz01qdtiS2Qfdisoc cXzPzp1bQg== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. 6ehmachkEt04/uTC4TYXboYKjVnkVBCwM8TOcsFv7tR/DJm+QBlCVEf4o3vEmVhEHXNc0DQZRhkF iVln6e26bg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 22148 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. GPdWvnrh4gyyNUPDj2EYhM4wpAadyR3g3iYYhBwojyKNd9lVBEJnK2iaM57KUcdFU9lJuM+RLHi5 PKIE/EG0Sw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. LgotV6MTtAwG8M28iiDZsgkQ6PTvvUW5WHI8KC9zNG6kWPVEmLi5MmYbmPdVl8zXk39R4xpul/R1 gSf/BotRsw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. LgotV6MTtAwG8M28iiDZsgkQ6PTvvUW5WHI8KC9zNG6kWPVEmLi5MmYbmPdVl8zXk39R4xpul/R1 gSf/BotRsw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. reIDbmNj88dKwom+34UZMPy7CzZ1TjSIvEHC+yTRgqMwRWgt+sWXpB5k31xQ89R4nxAFyoY85tZk Jp45BCcfDQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 36311 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. WYHNBGt5qOB8J5/ewsQBuDm6/o4wYvczNHvCxvzG9my+Afu65SZybLMdd9AcFQFG7RIbhg+WzAJO 2zzm0UsMTw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. 2+tEdnfFzuNNQtZEk68PUiYp3b+/so9ov4nV9rGz7N3OUZVQCJ5Mk1ZqbjcCRHvJiGAqc6wkbiom f5OBoJvakA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	d.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 55008 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. hz6txKL7OdYYZ0AOGtj8ecC6KNW5GpnStvp0Dn8Nlubss4zgvZBk0HrtPy/2hd1OgEOXAxMnOSo5 tEhEMGC1wQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. YBLO/yKPeRbHOMR7q120cBqgV5EQNWeHH8QOp9BbO0XUFrU+0OnajzzK17cKYjTg+5yd2FRbds9O E5wfFa6TZg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 33048 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1761050101 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. GiuXOa1J5PvO/IrBSzWlVxGf0WPt47+2U8eul6B9PvuhEFSzxYAORlv5hVRRSkm+8uGCewA8CnM0 ajP48QulkQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. SeIObJGFsTOg6crV0OwjzW4SsRs234N7qDqy4Sten7BfEIR8BWm/9wDCAjaH4JDg40a4WY1oERbw nz6cIUPDvQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20251022133931 20251020113931 35496 gov. SeIObJGFsTOg6crV0OwjzW4SsRs234N7qDqy4Sten7BfEIR8BWm/9wDCAjaH4JDg40a4WY1oERbw nz6cIUPDvQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20251022133931 20251020113931 35496 gov. WYHNBGt5qOB8J5/ewsQBuDm6/o4wYvczNHvCxvzG9my+Afu65SZybLMdd9AcFQFG7RIbhg+WzAJO 2zzm0UsMTw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test CRT2014-2024REVIEW.GOV at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: