DNSSEC Debugger - CRT2014-2024REVIEW.GOV

Domain Name:

Time: 2025-07-02 05:01:23 UTC

Analyzing DNSSEC problems for CRT2014-2024REVIEW.GOV

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to l.root-servers.net for ./DNSKEY
	Received 1414 bytes from 199.7.83.42
	;; Response received from [199.7.83.42] 1414 octets ;; HEADER SECTION ;; id = 63093 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (5 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148 . 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=53148 is now in the chain-of-trust
	DNSKEY=46441 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to c.root-servers.net for CRT2014-2024REVIEW.GOV/A
	Received 635 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 635 octets ;; HEADER SECTION ;; id = 5104 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250714170000 20250701160000 46441 . AuSSky1d1t8xWtMXeHk/vJH3zm5rZphIgL/CB0lLdgCyozRYyaKornb1cH3bO6fot26Qfr8wXrU9 wG94oLm0KycXL6qmHCh9LJJvzCn64fmw6dHelc5T5hJqwp6kGVxRjWQRFAbRz4M95PvDNg25HFkZ /TMZWCrb2+DcRvy2E2cFtteuVFfbx8njP6GhcvSk3W3M9onTkTtKnYNLH8IIvjzLbHF+MDg0dNZm J2jyUaDF9DJIQxi8tv3x6wjeNTm6lyVMIDpOESskIdtTNtt941iP+ZMX4oSlbgNdLkPAUZptzKvg 3KDZ9IRRtGq5Ofhjt2mb74p6PvGUt6wQWmfi1g== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Query to l.root-servers.net for GOV/DNSKEY
	Received 610 bytes from 199.7.83.42
	;; Response received from [199.7.83.42] 610 octets ;; HEADER SECTION ;; id = 29786 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20250714170000 20250701160000 46441 . AuSSky1d1t8xWtMXeHk/vJH3zm5rZphIgL/CB0lLdgCyozRYyaKornb1cH3bO6fot26Qfr8wXrU9 wG94oLm0KycXL6qmHCh9LJJvzCn64fmw6dHelc5T5hJqwp6kGVxRjWQRFAbRz4M95PvDNg25HFkZ /TMZWCrb2+DcRvy2E2cFtteuVFfbx8njP6GhcvSk3W3M9onTkTtKnYNLH8IIvjzLbHF+MDg0dNZm J2jyUaDF9DJIQxi8tv3x6wjeNTm6lyVMIDpOESskIdtTNtt941iP+ZMX4oSlbgNdLkPAUZptzKvg 3KDZ9IRRtGq5Ofhjt2mb74p6PvGUt6wQWmfi1g== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN A 199.33.231.1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN A 199.33.232.1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN A 199.33.233.1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to c.root-servers.net for GOV/DS
	Received 370 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 370 octets ;; HEADER SECTION ;; id = 22993 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250714170000 20250701160000 46441 . AuSSky1d1t8xWtMXeHk/vJH3zm5rZphIgL/CB0lLdgCyozRYyaKornb1cH3bO6fot26Qfr8wXrU9 wG94oLm0KycXL6qmHCh9LJJvzCn64fmw6dHelc5T5hJqwp6kGVxRjWQRFAbRz4M95PvDNg25HFkZ /TMZWCrb2+DcRvy2E2cFtteuVFfbx8njP6GhcvSk3W3M9onTkTtKnYNLH8IIvjzLbHF+MDg0dNZm J2jyUaDF9DJIQxi8tv3x6wjeNTm6lyVMIDpOESskIdtTNtt941iP+ZMX4oSlbgNdLkPAUZptzKvg 3KDZ9IRRtGq5Ofhjt2mb74p6PvGUt6wQWmfi1g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for GOV in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20250714170000 20250701160000 46441 . AuSSky1d1t8xWtMXeHk/vJH3zm5rZphIgL/CB0lLdgCyozRYyaKornb1cH3bO6fot26Qfr8wXrU9 wG94oLm0KycXL6qmHCh9LJJvzCn64fmw6dHelc5T5hJqwp6kGVxRjWQRFAbRz4M95PvDNg25HFkZ /TMZWCrb2+DcRvy2E2cFtteuVFfbx8njP6GhcvSk3W3M9onTkTtKnYNLH8IIvjzLbHF+MDg0dNZm J2jyUaDF9DJIQxi8tv3x6wjeNTm6lyVMIDpOESskIdtTNtt941iP+ZMX4oSlbgNdLkPAUZptzKvg 3KDZ9IRRtGq5Ofhjt2mb74p6PvGUt6wQWmfi1g== )`
	RRSIG=46441 and DNSKEY=46441 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to b.ns.GOV for GOV/DNSKEY
	Received 291 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 291 octets ;; HEADER SECTION ;; id = 34542 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (3 records) GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for GOV
	`GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 54649 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. tosMeiSlkT0EQJyL0lqgwtrpUfcQ5BOBffD95yYHEMuarZj5XYrsEEfAqwbFmMG0OsrIPJyZp/kU 8EWMqcD8+w== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. rPNFM+ZGJBcKgxEFkhsTAUbMvj4VWocegN1KOVVaCivD/zvH0NcuvNu4KsBgvJRAx09gJ/VWHgfj c/XJP4tAKw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	c.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 60046 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. KaX+M+Pv7hsnhMjV0QoSbUu6KUQLyL3NDbdxONoRU3OQH2xnJvbyG/S9ezNI4VrHu+zZI7Nk+BZJ +ZtjSOdo0Q== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. FqhFdoIDSUed0aFAOY/TWkI2hBMmzJwKdREdOUcJ9815btsu53hQtWmTiSb3TXxhv3cFYZg6dctB JLZKA1ibOg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to b.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 190 octets ;; HEADER SECTION ;; id = 63308 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. EeovJbVU7cR/d3hIbMGP/+UAMDqVUHx/AJke4xjwu6t642X+geJblgp2G0gzsoCrjkD0fo71eOoK HbloLyd//g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 190 octets ;; HEADER SECTION ;; id = 39662 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. +5ZcI3nlP/1LhbihhYLJo99TGjOvZYOQOC2LeE4MhXOuxJ6Z8Vrk0gYJOGDtPV0TejJvpc7ooKNA VULcqxK0xQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to d.ns.GOV for GOV/SOA
	Received 190 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 190 octets ;; HEADER SECTION ;; id = 53922 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN SOA ;; ANSWER SECTION (2 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. uxiWQPbns5w0ns2d4nIoQXryvWE572Gm4kgKQVme06+udFZfMwAtW0DsbxoUslHVd2aEWJ6T209e IOyDNwKQ4A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to c.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 365 octets ;; HEADER SECTION ;; id = 28084 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. Hv/WVeIwF95peEWxl6AiIuHbwDskUV4wlcKRaat0kXn08c3IGNqA24STi19ZdfIEPCtKkW1gYVan 4QnF7ADBLg== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. dgWprfGWMVtWZrB4GnC2C97g1k+lPFigguATx858+uHKZM4nr0jlHL5Hj41ILhvIcB0LaCuSFtLD zgyLAxQPeA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. dgWprfGWMVtWZrB4GnC2C97g1k+lPFigguATx858+uHKZM4nr0jlHL5Hj41ILhvIcB0LaCuSFtLD zgyLAxQPeA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. tosMeiSlkT0EQJyL0lqgwtrpUfcQ5BOBffD95yYHEMuarZj5XYrsEEfAqwbFmMG0OsrIPJyZp/kU 8EWMqcD8+w== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 34377 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. D3wSa0I8S9xDF6u0I3ikm+3D+Egvx1THtik2Xz9eYQ566kNSH/JzcKetwUpBq7KHx2OqbT9O61N7 OJ1K2cRlQg== ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. TCnG5kixZedYiZJdina7d0V+SHwXPcQlvHVF+GRQry/Q4i847c1x2yfo7C1+GRfNSfpxmsNOqQQv ljGfG7vc2w== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	b.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 30790 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. iLt8470RAAehwTVZSsl0XSiXNs/FhznWJ5zvJWFJzmMbVR7Ha+hXv96FlZM8FyxrdXXoy3CmMFO5 5LU2pdEP4Q== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. aiZ4UugFzF+N5iJrKbAT2gCjuDM9ELdMSCOHXSZIwEWFM8jxYqvGYQqgp/y91CReEtj2by1Wg12f CVe7iawhhw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to b.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 365 octets ;; HEADER SECTION ;; id = 27798 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. F1iSfO7Yn6WnqKk2tCboMcWlVF0roxziwk+lwlcwQCF38cPwncmYdEES9NlF9MmZbCj9cY3l4DOr Dqdgz9as1w== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. qzDoCsWEJqHCClODg/GNTjpQam/AfHjoVzqL+xPISrYl0Jog5REvhCfSsHnHqgPj8mdYLQZtVtGV PcJEfAoVPg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. qzDoCsWEJqHCClODg/GNTjpQam/AfHjoVzqL+xPISrYl0Jog5REvhCfSsHnHqgPj8mdYLQZtVtGV PcJEfAoVPg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. TCnG5kixZedYiZJdina7d0V+SHwXPcQlvHVF+GRQry/Q4i847c1x2yfo7C1+GRfNSfpxmsNOqQQv ljGfG7vc2w== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 9760 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. PwIhJLPCy7QK7Lxp08HmPaTxOVayUuSk1fX4LCAcLwnePCMB+Iq8D0upwxFtkhtSDudF39EEjiHZ fkOZ/J52bQ== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. 4fAejIa1Sm5aPmwdG/ksTVaD7+CVOqzSP4wdJeUD/6vaV/ekrr37VqW2loj2ZW8YoNGQE5kqQPf5 0r13gtYrLQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 17390 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. utGFopW8UijBinlEkpYbM1ahrySzHHoBixA2sqsn+pOij706VefN4khJCQnrEV6Qpub8jphp0ZYO SkYow4MJMw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. JmvS4wXYj8grOEGHORh9Z/4jL3ePiVZVKCkydA9bPUzeEudLI9N7BAsra/egUj7ZgliiMmagbch7 pggNu8rzTA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to a.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 365 octets ;; HEADER SECTION ;; id = 963 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. GHz+Z7al49EFIPe+jmpQ1EsmxalyssnXQDcYwNT2rDMMJP6Af/IbKzQzep8h8ZGWULAMfUhdBC9G M03rDAxS3A== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. v1WPXPF3qEY91RUOIpef1c+bWQC1UYB1fyxmthD9Vyoq6rhhs3aj+8GN731XUbVkuQW/Xq47w37D cyw8UjvaLA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. v1WPXPF3qEY91RUOIpef1c+bWQC1UYB1fyxmthD9Vyoq6rhhs3aj+8GN731XUbVkuQW/Xq47w37D cyw8UjvaLA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. PwIhJLPCy7QK7Lxp08HmPaTxOVayUuSk1fX4LCAcLwnePCMB+Iq8D0upwxFtkhtSDudF39EEjiHZ fkOZ/J52bQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

GOV

	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 50855 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. +3VvKytCVdnsojJU4CpxTEDIRKZzBoZffwJ/iLwTqrcyRvgHOrqZnSIrCHx89LPyu/IC8NKO9YG5 SQ3yiP0ndg== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. 3Qa/TNKigfPFWPasziDe+GrUJhHiQtuxk5/oGnnGLYjtQZaCUeiYtqnBvxCVOiH9gMNfjkfxQflA 2SoHEhrVXQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	d.ns.GOV is authoritative for CRT2014-2024REVIEW.GOV
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/DNSKEY
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 10190 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. jJC/JQdQY/wznlSikb4TedyQ0hjbOr34TsnlTVwcEXQwnUnztgpMwbF/muldiJfhSy/XwXhkfR0B wUDeDgEtPw== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060123 20250701040123 35496 gov. XkpPu5kiUkQDuerqMypHcHsv1sLj13inF3WsQLw0uLsHJJ2MAfXFs8PNngVzmtkGRDJLboNDcmjb d8QD2mGeAg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by gov zone
	Query to d.ns.GOV for CRT2014-2024REVIEW.GOV/A
	Received 365 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 365 octets ;; HEADER SECTION ;; id = 27760 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; CRT2014-2024REVIEW.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) GOV. 300 IN SOA ( a.ns.GOV. dns.cloudflare.com. 1751432106 ;serial 3600 ;refresh 900 ;retry 604800 ;expire 300 ;minimum ) CRT2014-2024REVIEW.GOV. 300 IN NSEC ( \000.crt2014-2024review.gov. RRSIG NSEC NXNAME ) GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060124 20250701040124 35496 gov. l038uxDqLc6RpTugSckvA4vNyj40uI7TrydHl00kxewEwuknYVVM5ykKBj+QrvVEpF3IxE4ncyTm zElFhZfoZg== ) CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060124 20250701040124 35496 gov. Aoihk6aQtZgBe55pVU9IP2S5HBQ0qbWyAfLQJ0UVDG59ZqrK2J18/lLlWbD9SPL6ux4dVcMVoTO9 rX8iviec7A== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`CRT2014-2024REVIEW.GOV. 300 IN RRSIG ( NSEC 13 2 300 20250703060124 20250701040124 35496 gov. Aoihk6aQtZgBe55pVU9IP2S5HBQ0qbWyAfLQJ0UVDG59ZqrK2J18/lLlWbD9SPL6ux4dVcMVoTO9 rX8iviec7A== )`
	RRSIG=35496 and DNSKEY=35496 verifies the NSEC RRset
	NSEC proves no records of type A exist for CRT2014-2024REVIEW.GOV
	Found 1 RRSIGs over SOA RRset
	`GOV. 300 IN RRSIG ( SOA 13 1 300 20250703060123 20250701040123 35496 gov. +3VvKytCVdnsojJU4CpxTEDIRKZzBoZffwJ/iLwTqrcyRvgHOrqZnSIrCHx89LPyu/IC8NKO9YG5 SQ3yiP0ndg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test CRT2014-2024REVIEW.GOV at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: