DNSSEC Debugger - CRT2014-2024REVIEW.GOV

Domain Name:

Time: 2025-09-17 18:17:44 UTC

Analyzing DNSSEC problems for CRT2014-2024REVIEW.GOV

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to e.root-servers.net for ./DNSKEY
	Received 1414 bytes from 192.203.230.10
	;; Response received from [192.203.230.10] 1414 octets ;; HEADER SECTION ;; id = 14697 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 65535, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (5 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148 . 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20250930000000 20250909000000 20326 . aqj52+DKW6PhTa31l3xyxa0lbMd8T/UyK1sNUC42EY1+cSp0hSC0VlW82RsWYU5G5NmewrInT/Sx glWFlFz94yVqiKAK7ZNQr94nRbA7okrrlfnloiBi3cQ1IvEUgvNcmlZMLTeA6rINvdcBwS7ljMOH m0vQDce9IOxhQT7iAu23oiNORw5nWG/npNkYRFDD4yQvD3HsNeXFTuyDuc57ZEjs/pnIG5nkcqx7 tp/ba3XbOGllDr/V/0ubak7OeWum1eckIljqUsx5BnfBfIA7rJ2JJBIT7JMJ/O/cflTKoJFHQoKG TVYrNVBq9vsnZ01Q4ss688IvI8vO3zkP6LQLEA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20250930000000 20250909000000 20326 . aqj52+DKW6PhTa31l3xyxa0lbMd8T/UyK1sNUC42EY1+cSp0hSC0VlW82RsWYU5G5NmewrInT/Sx glWFlFz94yVqiKAK7ZNQr94nRbA7okrrlfnloiBi3cQ1IvEUgvNcmlZMLTeA6rINvdcBwS7ljMOH m0vQDce9IOxhQT7iAu23oiNORw5nWG/npNkYRFDD4yQvD3HsNeXFTuyDuc57ZEjs/pnIG5nkcqx7 tp/ba3XbOGllDr/V/0ubak7OeWum1eckIljqUsx5BnfBfIA7rJ2JJBIT7JMJ/O/cflTKoJFHQoKG TVYrNVBq9vsnZ01Q4ss688IvI8vO3zkP6LQLEA== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=38696/SEP is now in the chain-of-trust
	DNSKEY=53148 is now in the chain-of-trust
	DNSKEY=46441 is now in the chain-of-trust
	Query to g.root-servers.net for CRT2014-2024REVIEW.GOV/A
	Received 635 bytes from 192.112.36.4
	;; Response received from [192.112.36.4] 635 octets ;; HEADER SECTION ;; id = 11093 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250930170000 20250917160000 46441 . AwbNY+voMl1OUTjSvUErAS5G/ScBk7y9kbl6u+4NsdnPdJe5RsPLVUMRn5bLmCFkT/13f+CSwvPT P4HvbqtehnLMfpwXI1tXWoZBdwbySOQaMWoehRg6BXlpIEQDdTMEcm0Um6Q0d2Kd0C6Myjrx927O nDxSkBOLcggqZRZdvFw+VPfPo/LJxi77dlNLKYAE9FFLotskc/dIEmEaArEfwud7prMIlu87iLAn XejqdNM8qWfccK5/AGjgYfvzKx44a3iCT2yT4kapWNeYpEep5a0pqQMBRfLMHlWmGRqcGmBlkjaL 6mPI4sQNxG8IJ1Pyf0i3QODtlwZ5l5Wwmwr7Lw== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Query to h.root-servers.net for GOV/DNSKEY
	Received 610 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 610 octets ;; HEADER SECTION ;; id = 64486 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20250930170000 20250917160000 46441 . AwbNY+voMl1OUTjSvUErAS5G/ScBk7y9kbl6u+4NsdnPdJe5RsPLVUMRn5bLmCFkT/13f+CSwvPT P4HvbqtehnLMfpwXI1tXWoZBdwbySOQaMWoehRg6BXlpIEQDdTMEcm0Um6Q0d2Kd0C6Myjrx927O nDxSkBOLcggqZRZdvFw+VPfPo/LJxi77dlNLKYAE9FFLotskc/dIEmEaArEfwud7prMIlu87iLAn XejqdNM8qWfccK5/AGjgYfvzKx44a3iCT2yT4kapWNeYpEep5a0pqQMBRfLMHlWmGRqcGmBlkjaL 6mPI4sQNxG8IJ1Pyf0i3QODtlwZ5l5Wwmwr7Lw== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 b.ns.GOV. 172800 IN A 199.33.231.1 c.ns.GOV. 172800 IN A 199.33.232.1 d.ns.GOV. 172800 IN A 199.33.233.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to f.root-servers.net for GOV/DS
	Received 367 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 367 octets ;; HEADER SECTION ;; id = 2466 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (2 records) GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20250930170000 20250917160000 46441 . AwbNY+voMl1OUTjSvUErAS5G/ScBk7y9kbl6u+4NsdnPdJe5RsPLVUMRn5bLmCFkT/13f+CSwvPT P4HvbqtehnLMfpwXI1tXWoZBdwbySOQaMWoehRg6BXlpIEQDdTMEcm0Um6Q0d2Kd0C6Myjrx927O nDxSkBOLcggqZRZdvFw+VPfPo/LJxi77dlNLKYAE9FFLotskc/dIEmEaArEfwud7prMIlu87iLAn XejqdNM8qWfccK5/AGjgYfvzKx44a3iCT2yT4kapWNeYpEep5a0pqQMBRfLMHlWmGRqcGmBlkjaL 6mPI4sQNxG8IJ1Pyf0i3QODtlwZ5l5Wwmwr7Lw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for GOV in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`GOV. 86400 IN RRSIG ( DS 8 1 86400 20250930170000 20250917160000 46441 . AwbNY+voMl1OUTjSvUErAS5G/ScBk7y9kbl6u+4NsdnPdJe5RsPLVUMRn5bLmCFkT/13f+CSwvPT P4HvbqtehnLMfpwXI1tXWoZBdwbySOQaMWoehRg6BXlpIEQDdTMEcm0Um6Q0d2Kd0C6Myjrx927O nDxSkBOLcggqZRZdvFw+VPfPo/LJxi77dlNLKYAE9FFLotskc/dIEmEaArEfwud7prMIlu87iLAn XejqdNM8qWfccK5/AGjgYfvzKx44a3iCT2yT4kapWNeYpEep5a0pqQMBRfLMHlWmGRqcGmBlkjaL 6mPI4sQNxG8IJ1Pyf0i3QODtlwZ5l5Wwmwr7Lw== )`
	RRSIG=46441 and DNSKEY=46441 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.GOV for GOV/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 55736 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (3 records) GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251101110613 20250901110613 2536 gov. D1H2/lQxqi95pn45IcLLiEhJqLj7xvGsuBj73AYEAzqX48/P7GQMRCj7rQAOTEwKoZaj70cVbIvD dPV4T5L9mw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for GOV
	`GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251101110613 20250901110613 2536 gov. D1H2/lQxqi95pn45IcLLiEhJqLj7xvGsuBj73AYEAzqX48/P7GQMRCj7rQAOTEwKoZaj70cVbIvD dPV4T5L9mw== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 32841 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. X8yCIiBTZbGfvBXKXJ6HhkD+8Gl4sugoypyE1DSWtE7am6S5GRJh9CV+xMY3egMEsryJkDT/BboX bsaLIntZgA== ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. l79Givvi7zNQVoVzLd1Vy8AmAHVC+4+XWJmVFMBOUccyEp16B0yJgtvdurok5tZixomUSuqdL3o9 I/VstrQ5kg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	d.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 44477 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. /BbbO4x0oAfxUU3UtDWmGuikGERkKAj9lzIeMgm5AfvjOPYqLTeTGs2pPwJLrYbFVCpiEanDhds+ grwypMa8lw== ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. 7u8HptsD/ldOyJqt9ymN4U+mSiBcUmr/MRdkoWaRQMzwZ2reqKBHy9qYGm+/Gs+T/DnrUNs4wUOv 6npVp989OQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 190 octets ;; HEADER SECTION ;; id = 30589 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. pRKWPcegYSj1EPwSFqdjKVIZW3FonyQJLDsh4b7BxlrAaTMC1xoHPJS8eX0EG3uErxTP/Nr066xF rN8iDPE27w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to c.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 190 octets ;; HEADER SECTION ;; id = 59319 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. 0pPt8mwwKZlXep3NTwRon1sH+vnO8fDaIUqNTeornW/+I8UN2Heaue895B8VFai+SftF+zAmB6DX yaG+is6+wA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to b.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 190 octets ;; HEADER SECTION ;; id = 20958 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. K6VBYlNgjMAdmA1KGirTNJ/DTvWCNT03y3hi+DLxuXmYygEFK8wvFZq3PUKQOSPDg2l2VEInJdjP lC/evggCLw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 34556 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. s5A3YHDbVMEfvAJtqEYRGMrWynnaDotSejzl+5/lkhbo5xKplhfkeLSo/yl6T/BUT+EEOxlGrGNH 48gT25kBeA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. qZ6QXd/w94EnTqooPfXwU+nutC+uUxp1wtNLj2hDeJrCjK47Q+sctYEf7XIWIvyOyxDDI+moYcW8 zUjAOj89Uw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. qZ6QXd/w94EnTqooPfXwU+nutC+uUxp1wtNLj2hDeJrCjK47Q+sctYEf7XIWIvyOyxDDI+moYcW8 zUjAOj89Uw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. l79Givvi7zNQVoVzLd1Vy8AmAHVC+4+XWJmVFMBOUccyEp16B0yJgtvdurok5tZixomUSuqdL3o9 I/VstrQ5kg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 43046 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. EC4M019XykJkW5j9gd7QDV/002qApfQ+ixnWRby/by0PkzX2FTnDcnS204vOZJa4jXc3RQZq3MRx t2nFp7yVzg== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. liHv+wgUEYVdpM2bF4L2fjx7kiVr/7GfpTRxe4LNsSDVrWokzmqlNHQBbjByDqFnKoItYJif+xI0 EvNjrhDxpg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	c.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 50215 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. zx0zxoRVas2hcnqXpiD+2bC8G1J97oMl4SWn6wYh51aHhGRtEoruOAIPYfr3jyPyh/TmzFKIJszv wQR1hZUhXA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. szuHnCwuW892vZBv0nnoHIu8Ftb3KlOsxjB4QpmviFJq+APNxveO8Ay2Yqn4+BksLCsNDW3Oz463 VKk92kXwkg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 4917 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. tanAx7JXoGaRVA7rYqvrsjbSeNnXOLjBaR9WjP4J5tU3amFFhS6O0eHkoEXGR1hNQ+PBbiXaY/aq Zv9EC4iOSA== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. 09zcR6yEwAZ6P2w8z5YYrEwLSKqPQTpypIyq6B6URbJtl/8bBH72GT6ISjUhEh0ZipYk3MQBKQLl YfOBCkcB1w== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. 09zcR6yEwAZ6P2w8z5YYrEwLSKqPQTpypIyq6B6URbJtl/8bBH72GT6ISjUhEh0ZipYk3MQBKQLl YfOBCkcB1w== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. EC4M019XykJkW5j9gd7QDV/002qApfQ+ixnWRby/by0PkzX2FTnDcnS204vOZJa4jXc3RQZq3MRx t2nFp7yVzg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 23831 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. HnjebxR7JYRd85q/B2MfqNZaHOMw79Cz95yFKq3op8XsLTvHYL5B2XdazZARM9Xv+TzkkWZ4APF1 l7Uh1chM+g== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. QrC+O+ISSoB0fkRnGxX9YMnDSVSp9skubyEgv34R8XORw/35QvRUnJILqTp15tNM0f2Rxu1G5s6I yNEKvhte5A== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 44778 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. 4eVkUt4bdiGalDsY/iidAHSOeudfKrIrW/22E+ozLGMTcY5i4BF+L3vfSMopoYYiwi42Y6myyo9U 4az3BgW6UQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. bhrHem3bjYcf/ljBMa6WhpWh6LGtcTNuvgiLxbBouVszmPmcqporK+hPIEpkxQ7zmluQAW0IefQe lFWGJW49dA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 4275 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. dAzTFEbNm1FYHAYEWLhj2ieGcJGbXCzgwKq6wbn9VlnqmwcGHxbLWPfZPbZDX6/3oHSdXkTZ2Gb2 gS/BxMs+vw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. NmwqhEYeREK6P2bI0xNVhWebpBXFeFuI4gk3FQDOItP1haM4x1NB3zm9TtZIfrfoIfp1mQPOzZPP 6KuW50CXpg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. NmwqhEYeREK6P2bI0xNVhWebpBXFeFuI4gk3FQDOItP1haM4x1NB3zm9TtZIfrfoIfp1mQPOzZPP 6KuW50CXpg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. HnjebxR7JYRd85q/B2MfqNZaHOMw79Cz95yFKq3op8XsLTvHYL5B2XdazZARM9Xv+TzkkWZ4APF1 l7Uh1chM+g== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 30478 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. FfU827MQNf5kYeZavYpw6YpAiaP9fEMqL/ngzF86pbYLQvzUSGekfu6qorjT88ybf2wuKgggzylP Nz3lyd/N0g== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. xWJ+oz+9Gf/up+kT8hoqVYPR1ttq2nN2OVMCL7QS3VEHxAfDbvDhjIqkV3H7966e9JVQw3sEKaoY lVeFSZBU4A== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	b.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 21660 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. KvRwGyvUm5i1RMCGTommosdXbozCI1PYWk+Rqq6uTcYbtHkrfiUt6OexzW+L3DguwtXrYfebQYqQ BvnttbLDuw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. i/wLt2TjA/6D80HQT2lc2rclYvRXRQcc9UnXqpTi+MlEstJ9wvwpGgD2CjlebHUXlwhjNgvHcQGj x+7ZM38Z5Q== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 44497 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1758132601 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. mlgRXWmzYRRNz7/kdNgTZa16zvN0m1jkU/JOpEyvqn7PM7br6lb2eP+sKL/Ah4NWpU0gVP4woWcr PPfIXwmdKg== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. A4W5bIG6C9MmSb4ov8tC87BIS48JR2PBzfFgmSqiUntTFdZvE7h1oauFjDSFodJPvMgLW1LXFycV Z87TNV6fow== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250918191745 20250916171745 35496 gov. A4W5bIG6C9MmSb4ov8tC87BIS48JR2PBzfFgmSqiUntTFdZvE7h1oauFjDSFodJPvMgLW1LXFycV Z87TNV6fow== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250918191745 20250916171745 35496 gov. FfU827MQNf5kYeZavYpw6YpAiaP9fEMqL/ngzF86pbYLQvzUSGekfu6qorjT88ybf2wuKgggzylP Nz3lyd/N0g== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test CRT2014-2024REVIEW.GOV at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: