DNSSEC Analyzer - HEALTHINDICATORS.GOV

Back to Verisign Labs Tools

Domain Name:

Detail: more(+) / less(-)

Time: 2018-12-18 11:09:10 UTC, NTP stratum 4

Analyzing DNSSEC problems for HEALTHINDICATORS.GOV

DS=19036/SHA-256 is now in the chain-of-trust

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 )`
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to j.root-servers.net for ./DNSKEY
	Received 1139 bytes from 192.58.128.30
	;; Answer received from 192.58.128.30 (1139 bytes) ;; HEADER SECTION ;; id = 387 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0 EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/Q Zxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hO A2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8 ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ) ; Key ID = 19036 . 172800 IN DNSKEY ( 256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QRES2VKDO0OXLMqVJSs2YC CSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEaXtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLb td8PcwWglHgReBVp7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkFstMX 1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7tCcwSPt0wwry5OFNTlfMo8v7 WGurogfk8hPipf7TTKHIi20LWen5RCsvYsQBkYGpF78= ) ; Key ID = 2134 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20181231000000 20181210000000 20326 . oZ1v3JnBSPHWf2HXeAyoqW/lTUP0FAs1tcEQOM47KD3Rb1qHySTbGhh0rTclRlm86GKUlPSiPaF3 zkJ5h46Nazo3r5iAqorjQ1FQD69AgLXpdEIrnzkC3tTTZv+h+Qi2/UosrzoPQnWj3pIdvZvcP5W2 T6nlP7PN5EP2LSeQzLxT8sOUGsBt0iDiGtqm+bN0mKxKdV4599g0+83FtubMG5oYWUBpMJ/os956 uvW/Vg2cwv3/m9X/cX38svYEcAbniXnyqT88+wqPBMA782tUu1AU1tb9QyMt0LcmsDgjrBWl38SG r/LvaNxHMrfU7ymNuEj6NeLBhNfuDEaz0zBRtQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0 EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/Q Zxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hO A2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8 ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ) ; Key ID = 19036`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAdp440E6Mz7c+Vl4sPd0lTv2Qnc85dTW64j0RDD7sS/zwxWDJ3QRES2VKDO0OXLMqVJSs2YC CSDKuZXpDPuf++YfAu0j7lzYYdWTGwyNZhEaXtMQJIKYB96pW6cRkiG2Dn8S2vvo/PxW9PKQsyLb td8PcwWglHgReBVp7kEv/Dd+3b3YMukt4jnWgDUddAySg558Zld+c9eGWkgWoOiuhg4rQRkFstMX 1pRyOSHcZuH38o1WcsT4y3eT0U/SR6TOSLIB/8Ftirux/h297oS7tCcwSPt0wwry5OFNTlfMo8v7 WGurogfk8hPipf7TTKHIi20LWen5RCsvYsQBkYGpF78= ) ; Key ID = 2134`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=19036/SEP is now in the chain-of-trust
	DS=19036/SHA-256 verifies DNSKEY=19036/SEP
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20181231000000 20181210000000 20326 . oZ1v3JnBSPHWf2HXeAyoqW/lTUP0FAs1tcEQOM47KD3Rb1qHySTbGhh0rTclRlm86GKUlPSiPaF3 zkJ5h46Nazo3r5iAqorjQ1FQD69AgLXpdEIrnzkC3tTTZv+h+Qi2/UosrzoPQnWj3pIdvZvcP5W2 T6nlP7PN5EP2LSeQzLxT8sOUGsBt0iDiGtqm+bN0mKxKdV4599g0+83FtubMG5oYWUBpMJ/os956 uvW/Vg2cwv3/m9X/cX38svYEcAbniXnyqT88+wqPBMA782tUu1AU1tb9QyMt0LcmsDgjrBWl38SG r/LvaNxHMrfU7ymNuEj6NeLBhNfuDEaz0zBRtQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=2134 is now in the chain-of-trust
	Query to e.root-servers.net for HEALTHINDICATORS.GOV/A
	Error querying e.root-servers.net/2001:500:a8:0:0:0:0:e for HEALTHINDICATORS.GOV/A: 'IPv6 transport disabled'
	Received 675 bytes from 192.203.230.10
	;; Answer received from 192.203.230.10 (675 bytes) ;; HEADER SECTION ;; id = 54049 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) GOV. 172800 IN NS a.gov-servers.net. GOV. 172800 IN NS b.gov-servers.net. GOV. 172800 IN NS c.gov-servers.net. GOV. 172800 IN NS d.gov-servers.net. GOV. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe GOV. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20181231050000 20181218040000 2134 . w5onDzzjSiBXfIjfiYAXclYuyyRlKhNUH4J15XsotCYh8zj/1MP/D3S6D6iwHdJLvaqzVOKHBgQ3 QvCi3Cv4/WwgHasPOHFTJmtvHFjor47rJxCiPdCkz7ux+pBp9tSNsT/+2oDIVIni8gi5SjFg7+Lt +oWR9gmZdW4MGYw2gs5h+7oCgs0SA7Sn3um4heBR4LM164GOEGIpBuU1likWR4j5++WDic/iNLm/ gLXKgdmpJOftzU3D1W4jaKGh0inPvwL3g66iw+gGWAcZZpctYXMMaSweYx1Ty3kZVfl80DlFmBO/ bcCm28Nl0SYgUWZmMIbYDnChjtyQD5n03G888A== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 b.gov-servers.net. 172800 IN A 209.112.123.30 c.gov-servers.net. 172800 IN A 69.36.153.30 d.gov-servers.net. 172800 IN A 81.19.194.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to c.root-servers.net for GOV/DNSKEY
	Received 661 bytes from 192.33.4.12
	;; Answer received from 192.33.4.12 (661 bytes) ;; HEADER SECTION ;; id = 11470 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) gov. 172800 IN NS d.gov-servers.net. gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe gov. 86400 IN RRSIG ( DS 8 1 86400 20181231050000 20181218040000 2134 . w5onDzzjSiBXfIjfiYAXclYuyyRlKhNUH4J15XsotCYh8zj/1MP/D3S6D6iwHdJLvaqzVOKHBgQ3 QvCi3Cv4/WwgHasPOHFTJmtvHFjor47rJxCiPdCkz7ux+pBp9tSNsT/+2oDIVIni8gi5SjFg7+Lt +oWR9gmZdW4MGYw2gs5h+7oCgs0SA7Sn3um4heBR4LM164GOEGIpBuU1likWR4j5++WDic/iNLm/ gLXKgdmpJOftzU3D1W4jaKGh0inPvwL3g66iw+gGWAcZZpctYXMMaSweYx1Ty3kZVfl80DlFmBO/ bcCm28Nl0SYgUWZmMIbYDnChjtyQD5n03G888A== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 b.gov-servers.net. 172800 IN A 209.112.123.30 c.gov-servers.net. 172800 IN A 69.36.153.30 d.gov-servers.net. 172800 IN A 81.19.194.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to j.root-servers.net for GOV/DS
	Received 403 bytes from 192.58.128.30
	;; Answer received from 192.58.128.30 (403 bytes) ;; HEADER SECTION ;; id = 51229 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (3 records) GOV. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe GOV. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20181231050000 20181218040000 2134 . w5onDzzjSiBXfIjfiYAXclYuyyRlKhNUH4J15XsotCYh8zj/1MP/D3S6D6iwHdJLvaqzVOKHBgQ3 QvCi3Cv4/WwgHasPOHFTJmtvHFjor47rJxCiPdCkz7ux+pBp9tSNsT/+2oDIVIni8gi5SjFg7+Lt +oWR9gmZdW4MGYw2gs5h+7oCgs0SA7Sn3um4heBR4LM164GOEGIpBuU1likWR4j5++WDic/iNLm/ gLXKgdmpJOftzU3D1W4jaKGh0inPvwL3g66iw+gGWAcZZpctYXMMaSweYx1Ty3kZVfl80DlFmBO/ bcCm28Nl0SYgUWZmMIbYDnChjtyQD5n03G888A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DS records for GOV in the . zone
	DS=7698/SHA-1 has algorithm RSASHA256
	DS=7698/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`GOV. 86400 IN RRSIG ( DS 8 1 86400 20181231050000 20181218040000 2134 . w5onDzzjSiBXfIjfiYAXclYuyyRlKhNUH4J15XsotCYh8zj/1MP/D3S6D6iwHdJLvaqzVOKHBgQ3 QvCi3Cv4/WwgHasPOHFTJmtvHFjor47rJxCiPdCkz7ux+pBp9tSNsT/+2oDIVIni8gi5SjFg7+Lt +oWR9gmZdW4MGYw2gs5h+7oCgs0SA7Sn3um4heBR4LM164GOEGIpBuU1likWR4j5++WDic/iNLm/ gLXKgdmpJOftzU3D1W4jaKGh0inPvwL3g66iw+gGWAcZZpctYXMMaSweYx1Ty3kZVfl80DlFmBO/ bcCm28Nl0SYgUWZmMIbYDnChjtyQD5n03G888A== )`
	RRSIG=2134 and DNSKEY=2134 verifies the DS RRset
	DS=7698/SHA-1 is now in the chain-of-trust
	`GOV. 86400 IN DS 7698 8 1 6f109b46a80cea9613dc86d5a3e065520505aafe`
	`GOV. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 )`
	Query to d.gov-servers.net for GOV/DNSKEY
	Received 743 bytes from 81.19.194.30
	;; Answer received from 81.19.194.30 (743 bytes) ;; HEADER SECTION ;; id = 52739 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (3 records) GOV. 86400 IN DNSKEY ( 256 3 8 AQOzQCL1fIfPdHz2b/lMEAyj5l7JieIaa1GJ1/KDBE80I/FgASeN5ekMXj8XwPdLS38aXq4M67zu locw3A3YjP8qGvR8EZTClRKoFWfQSFyroyXq5w2GN2ir8gxXMwRcIcSg5AVK+3uGMLNRdwVXZB27 GlaqF75saOfj2hP7t2bs6Q== ) ; Key ID = 40499 GOV. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698 GOV. 86400 IN RRSIG ( DNSKEY 8 1 86400 20181223224731 20181208224231 7698 gov. Il/96qUKHNn0ZAOoV2App1UfZY1xcWWeHbsbv5fP6NDWPYyMAXR53AvffkiU6HPQtAciq1hHHgln aZ8jfWnDvffBADBaTioeblHVk9JboOUnoVITbsDBTCfZQG7EIn/nfhMy6h/1HJpdkuWshZ7eH+93 c2csPFAPAbF/8qfgixdkl4juvcDdugrXFmWC7A6ns3cjRZeCUd/RLt1SiNG7RjOndb/GGoQcAEDS X+2tJEurPUgMosqtvLk9HHvv3eLAJxy6i184vnN+jMsm1/WEkiK9nW4LCGSamux+LLBvTqfEhQE1 2zZ946dysmZh8czhq4myhgq6pZD08A4Nb7eGnw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Found 2 DNSKEY records for GOV
	`GOV. 86400 IN DNSKEY ( 256 3 8 AQOzQCL1fIfPdHz2b/lMEAyj5l7JieIaa1GJ1/KDBE80I/FgASeN5ekMXj8XwPdLS38aXq4M67zu locw3A3YjP8qGvR8EZTClRKoFWfQSFyroyXq5w2GN2ir8gxXMwRcIcSg5AVK+3uGMLNRdwVXZB27 GlaqF75saOfj2hP7t2bs6Q== ) ; Key ID = 40499`
	`GOV. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698`
	DNSKEY=7698/SEP is now in the chain-of-trust
	DS=7698/SHA-1 verifies DNSKEY=7698/SEP
	DS=7698/SHA-256 verifies DNSKEY=7698/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 86400 IN RRSIG ( DNSKEY 8 1 86400 20181223224731 20181208224231 7698 gov. Il/96qUKHNn0ZAOoV2App1UfZY1xcWWeHbsbv5fP6NDWPYyMAXR53AvffkiU6HPQtAciq1hHHgln aZ8jfWnDvffBADBaTioeblHVk9JboOUnoVITbsDBTCfZQG7EIn/nfhMy6h/1HJpdkuWshZ7eH+93 c2csPFAPAbF/8qfgixdkl4juvcDdugrXFmWC7A6ns3cjRZeCUd/RLt1SiNG7RjOndb/GGoQcAEDS X+2tJEurPUgMosqtvLk9HHvv3eLAJxy6i184vnN+jMsm1/WEkiK9nW4LCGSamux+LLBvTqfEhQE1 2zZ946dysmZh8czhq4myhgq6pZD08A4Nb7eGnw== )`
	RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
	DNSKEY=40499 is now in the chain-of-trust
	Query to d.gov-servers.net for HEALTHINDICATORS.GOV/A
	Received 402 bytes from 81.19.194.30
	;; Answer received from 81.19.194.30 (402 bytes) ;; HEADER SECTION ;; id = 27817 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 4 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) HEALTHINDICATORS.GOV. 86400 IN NS ns1.cdc.GOV. HEALTHINDICATORS.GOV. 86400 IN NS ns2.cdc.GOV. HEALTHINDICATORS.GOV. 86400 IN NS ns3.cdc.GOV. HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 1 58b8fb59bfab6a79d3c2c3ab6bdb0c8995a0fa5e ) HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 2 f7b916d7ba9141567f6ba6588201bb463d6ab3255c0f897bedc9439a4578f7c1 ) HEALTHINDICATORS.GOV. 3600 IN RRSIG ( DS 8 2 3600 20181225041007 20181218041007 40499 gov. LF9xmYokOao32Tnhm1ZOXkXZjmzsOxWOfCPyt+uq318jvDTx8WDsyrSH7WA2KiZuWIaRSY/C39lo P/NY6AkJz7PxE21BIlTRUyCEdYwX1eSo9XqLRqkWqG5BFmxpiWiOREZVLRaNRHGBMWc35DbC9HXF U8Z+Sb1dpcZF/eQ/LpU= ) ;; ADDITIONAL SECTION (4 records) ns1.cdc.GOV. 86400 IN A 198.246.96.61 ns2.cdc.GOV. 86400 IN A 198.246.96.92 ns3.cdc.GOV. 86400 IN A 198.246.125.10 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Query to a.gov-servers.net for HEALTHINDICATORS.GOV/DNSKEY
	Received 402 bytes from 69.36.157.30
	;; Answer received from 69.36.157.30 (402 bytes) ;; HEADER SECTION ;; id = 60255 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 4 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) HEALTHINDICATORS.GOV. 86400 IN NS ns1.cdc.GOV. HEALTHINDICATORS.GOV. 86400 IN NS ns2.cdc.GOV. HEALTHINDICATORS.GOV. 86400 IN NS ns3.cdc.GOV. HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 1 58b8fb59bfab6a79d3c2c3ab6bdb0c8995a0fa5e ) HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 2 f7b916d7ba9141567f6ba6588201bb463d6ab3255c0f897bedc9439a4578f7c1 ) HEALTHINDICATORS.GOV. 3600 IN RRSIG ( DS 8 2 3600 20181225041007 20181218041007 40499 gov. LF9xmYokOao32Tnhm1ZOXkXZjmzsOxWOfCPyt+uq318jvDTx8WDsyrSH7WA2KiZuWIaRSY/C39lo P/NY6AkJz7PxE21BIlTRUyCEdYwX1eSo9XqLRqkWqG5BFmxpiWiOREZVLRaNRHGBMWc35DbC9HXF U8Z+Sb1dpcZF/eQ/LpU= ) ;; ADDITIONAL SECTION (4 records) ns1.cdc.GOV. 86400 IN A 198.246.96.61 ns2.cdc.GOV. 86400 IN A 198.246.96.92 ns3.cdc.GOV. 86400 IN A 198.246.125.10 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Found child zone HEALTHINDICATORS.GOV

HEALTHINDICATORS.GOV

	Checking DS between GOV and HEALTHINDICATORS.GOV
	Query to b.gov-servers.net for HEALTHINDICATORS.GOV/DS
	Received 296 bytes from 209.112.123.30
	;; Answer received from 209.112.123.30 (296 bytes) ;; HEADER SECTION ;; id = 17432 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN DS ;; ANSWER SECTION (3 records) HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 1 58b8fb59bfab6a79d3c2c3ab6bdb0c8995a0fa5e ) HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 2 f7b916d7ba9141567f6ba6588201bb463d6ab3255c0f897bedc9439a4578f7c1 ) HEALTHINDICATORS.GOV. 3600 IN RRSIG ( DS 8 2 3600 20181225041007 20181218041007 40499 gov. LF9xmYokOao32Tnhm1ZOXkXZjmzsOxWOfCPyt+uq318jvDTx8WDsyrSH7WA2KiZuWIaRSY/C39lo P/NY6AkJz7PxE21BIlTRUyCEdYwX1eSo9XqLRqkWqG5BFmxpiWiOREZVLRaNRHGBMWc35DbC9HXF U8Z+Sb1dpcZF/eQ/LpU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Found 2 DS records for HEALTHINDICATORS.GOV in the GOV zone
	DS=46120/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
	DS=46120/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	Found 1 RRSIGs over DS RRset
	`HEALTHINDICATORS.GOV. 3600 IN RRSIG ( DS 8 2 3600 20181225041007 20181218041007 40499 gov. LF9xmYokOao32Tnhm1ZOXkXZjmzsOxWOfCPyt+uq318jvDTx8WDsyrSH7WA2KiZuWIaRSY/C39lo P/NY6AkJz7PxE21BIlTRUyCEdYwX1eSo9XqLRqkWqG5BFmxpiWiOREZVLRaNRHGBMWc35DbC9HXF U8Z+Sb1dpcZF/eQ/LpU= )`
	RRSIG=40499 and DNSKEY=40499 verifies the DS RRset
	DS=46120/SHA-1 is now in the chain-of-trust
	`HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 1 58b8fb59bfab6a79d3c2c3ab6bdb0c8995a0fa5e )`
	`HEALTHINDICATORS.GOV. 3600 IN DS ( 46120 7 2 f7b916d7ba9141567f6ba6588201bb463d6ab3255c0f897bedc9439a4578f7c1 )`
	Query to ns1.cdc.GOV for HEALTHINDICATORS.GOV/DNSKEY
	Received 981 bytes from 198.246.96.61
	;; Answer received from 198.246.96.61 (981 bytes) ;; HEADER SECTION ;; id = 43460 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN DNSKEY ;; ANSWER SECTION (4 records) healthindicators.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAc3woJ30X2b3x+002P5OqD5NUz91ojfBDrL6aA9NQgLeIPr2OMKSc/Yj1OGdwYd05rZuC653 /1QuUcxPx15eXsHBkNOxe8Zoi6v9EHeMfAYiW1r94AR/VPVahqv1csrdgpBKmSOlsFbj/5KqGM9U FniYAEHorzNf5Ds1tGxogvh1Lz0/O2Pp9CCIAIlyljvQS/MiHLs1zPb2U4kTFdRY2RgCHGw/rsia 6XLZEJ8xgl+H+GNj44CQJJBNl2QzAuPfOvYsTt5iDXByRaje8LGZGZ9+16f/OX1ZtSZ4eQONYoIK D5HTR5T639WLoAWNKWfp4qwmfgDasswOLyY4X14huMs= ) ; Key ID = 46120 healthindicators.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAY1VrJYeSFAnLIV9xNd9FVJQUdESZqhG/4RPlo6Ghcp5/7SBXto/Q/TeRcrFY6NNoPr4BnCY DwZ4tkH+mOcsLGEL13HYuLC/47TERtPLJETXhXkoHFg4x4YPf+CAC1tW3JP7UVFdRJWFEfzki+9y xObg+pXEqzUyf/UWGKZ9Mh05 ) ; Key ID = 33873 healthindicators.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20181227170209 20181217160209 33873 healthindicators.gov. WeA4lVH/eyq/aAFwCVVCKPu/6esv39IQhV/6uvYcgeoWLUV4UNR75++h5NCvQgveSaRPIEIuDmyF 0JK7UW1ZqGufjlmel0ouDJu66MJC/xf2rOJ/hLrCl5DI9/WaZlfwCCN2Tu4XAnTq6zhD3N+5UMJc xF4iLGMlc6FX5dlB9bE= ) healthindicators.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20181227170209 20181217160209 46120 healthindicators.gov. e+i12blqBLhsnzE/0rl4wFQnwZzIjvcIBqKtT6P+aXryxQ98CDKthmLrRzum9i4pXEXNfN+rhaSo CnQXD376k51Ur/i3+s20CEQXE53rwj24CS9bjxZbhCI62kyxVgn7FqfABP9Fd0Oby76qHliPPQW+ OfEGd18HxVBxIoQoX0P1NSeh8NEhHhSJt8SDN7iIqNwEw3MiVjs5poWshWVh/Fxs+8wTMygZ8v6T jFuCCQrqpo94WXKGOvVQIsiusRa3yjmTT867ClFsOHZya3C3foMt1yICYSgte1RdjbE8FszN8kN/ BW5Pzx8RGtAirAjocVpXE+wzPAXIvJgki8ZkXg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for HEALTHINDICATORS.GOV
	`healthindicators.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAc3woJ30X2b3x+002P5OqD5NUz91ojfBDrL6aA9NQgLeIPr2OMKSc/Yj1OGdwYd05rZuC653 /1QuUcxPx15eXsHBkNOxe8Zoi6v9EHeMfAYiW1r94AR/VPVahqv1csrdgpBKmSOlsFbj/5KqGM9U FniYAEHorzNf5Ds1tGxogvh1Lz0/O2Pp9CCIAIlyljvQS/MiHLs1zPb2U4kTFdRY2RgCHGw/rsia 6XLZEJ8xgl+H+GNj44CQJJBNl2QzAuPfOvYsTt5iDXByRaje8LGZGZ9+16f/OX1ZtSZ4eQONYoIK D5HTR5T639WLoAWNKWfp4qwmfgDasswOLyY4X14huMs= ) ; Key ID = 46120`
	`healthindicators.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAY1VrJYeSFAnLIV9xNd9FVJQUdESZqhG/4RPlo6Ghcp5/7SBXto/Q/TeRcrFY6NNoPr4BnCY DwZ4tkH+mOcsLGEL13HYuLC/47TERtPLJETXhXkoHFg4x4YPf+CAC1tW3JP7UVFdRJWFEfzki+9y xObg+pXEqzUyf/UWGKZ9Mh05 ) ; Key ID = 33873`
	DNSKEY=46120/SEP is now in the chain-of-trust
	DS=46120/SHA-1 verifies DNSKEY=46120/SEP
	DS=46120/SHA-256 verifies DNSKEY=46120/SEP
	Found 2 RRSIGs over DNSKEY RRset
	`healthindicators.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20181227170209 20181217160209 33873 healthindicators.gov. WeA4lVH/eyq/aAFwCVVCKPu/6esv39IQhV/6uvYcgeoWLUV4UNR75++h5NCvQgveSaRPIEIuDmyF 0JK7UW1ZqGufjlmel0ouDJu66MJC/xf2rOJ/hLrCl5DI9/WaZlfwCCN2Tu4XAnTq6zhD3N+5UMJc xF4iLGMlc6FX5dlB9bE= )`
	`healthindicators.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20181227170209 20181217160209 46120 healthindicators.gov. e+i12blqBLhsnzE/0rl4wFQnwZzIjvcIBqKtT6P+aXryxQ98CDKthmLrRzum9i4pXEXNfN+rhaSo CnQXD376k51Ur/i3+s20CEQXE53rwj24CS9bjxZbhCI62kyxVgn7FqfABP9Fd0Oby76qHliPPQW+ OfEGd18HxVBxIoQoX0P1NSeh8NEhHhSJt8SDN7iIqNwEw3MiVjs5poWshWVh/Fxs+8wTMygZ8v6T jFuCCQrqpo94WXKGOvVQIsiusRa3yjmTT867ClFsOHZya3C3foMt1yICYSgte1RdjbE8FszN8kN/ BW5Pzx8RGtAirAjocVpXE+wzPAXIvJgki8ZkXg== )`
	RRSIG=33873 and DNSKEY=33873 verifies the DNSKEY RRset
	RRSIG=46120 and DNSKEY=46120/SEP verifies the DNSKEY RRset
	DNSKEY=33873 is now in the chain-of-trust
	Query to ns3.cdc.GOV for HEALTHINDICATORS.GOV/A
	Received 1052 bytes from 198.246.125.10
	;; Answer received from 198.246.125.10 (1052 bytes) ;; HEADER SECTION ;; id = 15413 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 4 arcount = 7 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN A ;; ANSWER SECTION (2 records) healthindicators.gov. 3600 IN A 64.191.212.230 healthindicators.gov. 3600 IN RRSIG ( A 7 2 3600 20181216093136 20181206085833 35595 healthindicators.gov. hNuNwrdxZh4UZyRGjZs6WyXPUitL4ClNjbCnDNRlN4CzhOJXAbq8g2I01avWqk6gVRKxc2Duxfdc Vf6708OpEA/7pcRZF2fOLDOT3cjfwGPr6QKTnWDcd2vKSzDNr//XVHk3We8AlV0aMtQ8QtomJ6/Y hL0DaxquwPCzVaYhvps= ) ;; AUTHORITY SECTION (4 records) healthindicators.gov. 3600 IN NS ns1.cdc.gov. healthindicators.gov. 3600 IN NS ns2.cdc.gov. healthindicators.gov. 3600 IN NS ns3.cdc.gov. healthindicators.gov. 3600 IN RRSIG ( NS 7 2 3600 20181216093136 20181206085833 35595 healthindicators.gov. RRrjH37kl1kvzaMGm2xpZVmxU511hc/w18X0HfO8MuX+T4jqvh2yNbm5+nFqwyOZ44b533Rry+M6 gOqpS3ZvwJIrbnSKQFtz0PiaOb4UOw3o9sWa8G2ahPtFpvmsEjuUby/Jq2pPiPhbUXvy6kn+6KJ8 wZZt5Khw6+WjG4jTpsM= ) ;; ADDITIONAL SECTION (7 records) ns2.cdc.gov. 600 IN A 198.246.96.92 ns1.cdc.gov. 600 IN A 198.246.96.61 ns3.cdc.gov. 600 IN A 198.246.125.10 ns2.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220104310 20181210102905 2387 cdc.gov. gnleOxRpAjaodMmroQK0JJxgaX+DKkDD2lgo73syIBRCit4YLkKev209Ub1aGO55su7Yq0e6Gk0d SGqUW2HpiYjYsRzySPe2bnWk+PGB2f+2bN1Sp2E2OIuDFB6R451uN2xi+hTGTxHJLFsTpXidBtcv mYbFgZB6mU/bbvHdjTw= ) ns1.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220115330 20181210110246 2387 cdc.gov. PpAGaiie8aqNT66JZXzjaqg2ZkX75g18A+EvxLgr2z0WekMHMhNQ3UDqd7fjO255l2cZWuRLq2QV x1v3UqISPZy+/0jPXVp/QesZ16DclmS6ew/K8DlvFuyKWa/pQJ4VIq+fwvXirN7NNn+tbtJ2jDxD SfBUL/yg9DcQZYqjRuw= ) ns3.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220105125 20181210100256 2387 cdc.gov. km7c0ssRYZU0RI36cP/2rbawucMihEPC8H4AmBeK/fAlh02DT8uOSb7E/YYkajjHVZNO1D3aBQ86 PtLk6o1HOxsQ2Y0VlYWVukNe18jrUGz4F9YIolE4PRrv7YxjutBzbhomJznp9gVE+UMNWKp+VGGp prPFWOiMh9H+xdd3JbE= ) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	HEALTHINDICATORS.GOV is authoritative for HEALTHINDICATORS.GOV
	Found RRSIG signed by healthindicators.gov zone
	Query to ns2.cdc.gov for HEALTHINDICATORS.GOV/SOA
	Received 1081 bytes from 198.246.96.92
	;; Answer received from 198.246.96.92 (1081 bytes) ;; HEADER SECTION ;; id = 39713 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 4 arcount = 7 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN SOA ;; ANSWER SECTION (2 records) healthindicators.gov. 3600 IN SOA ( ns2.cdc.gov. dnsadmin.cdc.gov. 563741083 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 84600 ;minimum ) healthindicators.gov. 3600 IN RRSIG ( SOA 7 2 3600 20181227170209 20181217160209 33873 healthindicators.gov. ar3mNsCtcTX+jzR/JFEr8HYC1NYJjACHN6KCQsmMTqxQtAVmKlugbO810XbO3ry5JCPWege0D9oC L9Y0vsFQqXLQX734gTTf0MDpsn5CbBC31ywm3SA8rmjFzLGOHTsPI3zokYCADNWJQOb4aFKZpFVH s9hWwuCZxLrQX5ye+Ak= ) ;; AUTHORITY SECTION (4 records) healthindicators.gov. 3600 IN NS ns3.cdc.gov. healthindicators.gov. 3600 IN NS ns2.cdc.gov. healthindicators.gov. 3600 IN NS ns1.cdc.gov. healthindicators.gov. 3600 IN RRSIG ( NS 7 2 3600 20181223184439 20181213183939 33873 healthindicators.gov. RBHTRfBBXyBhQY+ua1iaWt70cQQkJyx0EncIHbCdDdV+3rDigy44lbaOlQ0SnE+KOUK1R+XdTPLH 6zXj4pBotN+ESa5cXRuLXzhg+uvnE2hMuDFnVA9kKVuXcbL7hQQprV6ZSygs/rflNrsH8Rtb+/YP LTSBRuhJrFpPE7njmCw= ) ;; ADDITIONAL SECTION (7 records) ns2.cdc.gov. 600 IN A 198.246.96.92 ns1.cdc.gov. 600 IN A 198.246.96.61 ns3.cdc.gov. 600 IN A 198.246.125.10 ns2.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181228095019 20181218094310 2387 cdc.gov. enUk6R8YzpdDFT/QnfEud7EhOItWsjhX7kdshp6IalK1DhnEi3Hvxjf4UYluXsfmULJEu57aCzCN rIZ1iD2IyylsPqJEqikSRpzAt0RAGIoED82Pq+FWQ9R41zfcQ9z8NFb6MFMSUt+QvzkS8Ko8hong 6rTa/n7lRxXQA0HbL5M= ) ns1.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220115330 20181210110246 2387 cdc.gov. PpAGaiie8aqNT66JZXzjaqg2ZkX75g18A+EvxLgr2z0WekMHMhNQ3UDqd7fjO255l2cZWuRLq2QV x1v3UqISPZy+/0jPXVp/QesZ16DclmS6ew/K8DlvFuyKWa/pQJ4VIq+fwvXirN7NNn+tbtJ2jDxD SfBUL/yg9DcQZYqjRuw= ) ns3.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181228103730 20181218095125 2387 cdc.gov. g0sQBM9ZNUkTYRHBIElpMue6zz96wT6879i8CKA5YolYfOpjnhm9IJU57cRt5O4o+k53t6aoNZL8 7epLOudlDAuaAFUxV9Il9upsg57yU+rk3WePY+FioXocB4P392JSSKSA+2v1ebiBKSx8SBAvwW9I GWOD6OnX4TE6MkQGyRo= ) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to ns3.cdc.gov for HEALTHINDICATORS.GOV/SOA
	Received 1081 bytes from 198.246.125.10
	;; Answer received from 198.246.125.10 (1081 bytes) ;; HEADER SECTION ;; id = 36789 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 4 arcount = 7 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN SOA ;; ANSWER SECTION (2 records) healthindicators.gov. 3600 IN SOA ( ns2.cdc.gov. dnsadmin.cdc.gov. 556896234 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 84600 ;minimum ) healthindicators.gov. 3600 IN RRSIG ( SOA 7 2 3600 20181216110520 20181206100520 35595 healthindicators.gov. YfmetM1ZQEYAcpCKuusTFQ9+xINLYAz7aDDbJFj24SBS53mg5mVBJTfGKD0kHFvs+tD8pCB+iBcc sIJd40cZVqGw6MFIjDEA5rXPW5CKpUx5OTP1uNluX61VsTBDxhMjHhp052Gm0eIIWyLKcozpDXib QO7Qcg8LHt+dSYYzXvQ= ) ;; AUTHORITY SECTION (4 records) healthindicators.gov. 3600 IN NS ns2.cdc.gov. healthindicators.gov. 3600 IN NS ns3.cdc.gov. healthindicators.gov. 3600 IN NS ns1.cdc.gov. healthindicators.gov. 3600 IN RRSIG ( NS 7 2 3600 20181216093136 20181206085833 35595 healthindicators.gov. RRrjH37kl1kvzaMGm2xpZVmxU511hc/w18X0HfO8MuX+T4jqvh2yNbm5+nFqwyOZ44b533Rry+M6 gOqpS3ZvwJIrbnSKQFtz0PiaOb4UOw3o9sWa8G2ahPtFpvmsEjuUby/Jq2pPiPhbUXvy6kn+6KJ8 wZZt5Khw6+WjG4jTpsM= ) ;; ADDITIONAL SECTION (7 records) ns2.cdc.gov. 600 IN A 198.246.96.92 ns1.cdc.gov. 600 IN A 198.246.96.61 ns3.cdc.gov. 600 IN A 198.246.125.10 ns2.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220104310 20181210102905 2387 cdc.gov. gnleOxRpAjaodMmroQK0JJxgaX+DKkDD2lgo73syIBRCit4YLkKev209Ub1aGO55su7Yq0e6Gk0d SGqUW2HpiYjYsRzySPe2bnWk+PGB2f+2bN1Sp2E2OIuDFB6R451uN2xi+hTGTxHJLFsTpXidBtcv mYbFgZB6mU/bbvHdjTw= ) ns1.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220115330 20181210110246 2387 cdc.gov. PpAGaiie8aqNT66JZXzjaqg2ZkX75g18A+EvxLgr2z0WekMHMhNQ3UDqd7fjO255l2cZWuRLq2QV x1v3UqISPZy+/0jPXVp/QesZ16DclmS6ew/K8DlvFuyKWa/pQJ4VIq+fwvXirN7NNn+tbtJ2jDxD SfBUL/yg9DcQZYqjRuw= ) ns3.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220105125 20181210100256 2387 cdc.gov. km7c0ssRYZU0RI36cP/2rbawucMihEPC8H4AmBeK/fAlh02DT8uOSb7E/YYkajjHVZNO1D3aBQ86 PtLk6o1HOxsQ2Y0VlYWVukNe18jrUGz4F9YIolE4PRrv7YxjutBzbhomJznp9gVE+UMNWKp+VGGp prPFWOiMh9H+xdd3JbE= ) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	ns3.cdc.gov serial (556896234) differs from ns2.cdc.gov serial (563741083)
	Query to ns1.cdc.gov for HEALTHINDICATORS.GOV/SOA
	Received 1081 bytes from 198.246.96.61
	;; Answer received from 198.246.96.61 (1081 bytes) ;; HEADER SECTION ;; id = 15517 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 4 arcount = 7 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN SOA ;; ANSWER SECTION (2 records) healthindicators.gov. 3600 IN SOA ( ns2.cdc.gov. dnsadmin.cdc.gov. 563741083 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 84600 ;minimum ) healthindicators.gov. 3600 IN RRSIG ( SOA 7 2 3600 20181227170209 20181217160209 33873 healthindicators.gov. ar3mNsCtcTX+jzR/JFEr8HYC1NYJjACHN6KCQsmMTqxQtAVmKlugbO810XbO3ry5JCPWege0D9oC L9Y0vsFQqXLQX734gTTf0MDpsn5CbBC31ywm3SA8rmjFzLGOHTsPI3zokYCADNWJQOb4aFKZpFVH s9hWwuCZxLrQX5ye+Ak= ) ;; AUTHORITY SECTION (4 records) healthindicators.gov. 3600 IN NS ns1.cdc.gov. healthindicators.gov. 3600 IN NS ns3.cdc.gov. healthindicators.gov. 3600 IN NS ns2.cdc.gov. healthindicators.gov. 3600 IN RRSIG ( NS 7 2 3600 20181223184439 20181213183939 33873 healthindicators.gov. RBHTRfBBXyBhQY+ua1iaWt70cQQkJyx0EncIHbCdDdV+3rDigy44lbaOlQ0SnE+KOUK1R+XdTPLH 6zXj4pBotN+ESa5cXRuLXzhg+uvnE2hMuDFnVA9kKVuXcbL7hQQprV6ZSygs/rflNrsH8Rtb+/YP LTSBRuhJrFpPE7njmCw= ) ;; ADDITIONAL SECTION (7 records) ns2.cdc.gov. 600 IN A 198.246.96.92 ns1.cdc.gov. 600 IN A 198.246.96.61 ns3.cdc.gov. 600 IN A 198.246.125.10 ns2.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181228095019 20181218094310 2387 cdc.gov. enUk6R8YzpdDFT/QnfEud7EhOItWsjhX7kdshp6IalK1DhnEi3Hvxjf4UYluXsfmULJEu57aCzCN rIZ1iD2IyylsPqJEqikSRpzAt0RAGIoED82Pq+FWQ9R41zfcQ9z8NFb6MFMSUt+QvzkS8Ko8hong 6rTa/n7lRxXQA0HbL5M= ) ns1.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220115330 20181210110246 2387 cdc.gov. PpAGaiie8aqNT66JZXzjaqg2ZkX75g18A+EvxLgr2z0WekMHMhNQ3UDqd7fjO255l2cZWuRLq2QV x1v3UqISPZy+/0jPXVp/QesZ16DclmS6ew/K8DlvFuyKWa/pQJ4VIq+fwvXirN7NNn+tbtJ2jDxD SfBUL/yg9DcQZYqjRuw= ) ns3.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181228103730 20181218095125 2387 cdc.gov. g0sQBM9ZNUkTYRHBIElpMue6zz96wT6879i8CKA5YolYfOpjnhm9IJU57cRt5O4o+k53t6aoNZL8 7epLOudlDAuaAFUxV9Il9upsg57yU+rk3WePY+FioXocB4P392JSSKSA+2v1ebiBKSx8SBAvwW9I GWOD6OnX4TE6MkQGyRo= ) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to ns3.cdc.GOV for HEALTHINDICATORS.GOV/A
	Received 1052 bytes from 198.246.125.10
	;; Answer received from 198.246.125.10 (1052 bytes) ;; HEADER SECTION ;; id = 54077 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 4 arcount = 7 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; HEALTHINDICATORS.GOV. IN A ;; ANSWER SECTION (2 records) healthindicators.gov. 3600 IN A 64.191.212.230 healthindicators.gov. 3600 IN RRSIG ( A 7 2 3600 20181216093136 20181206085833 35595 healthindicators.gov. hNuNwrdxZh4UZyRGjZs6WyXPUitL4ClNjbCnDNRlN4CzhOJXAbq8g2I01avWqk6gVRKxc2Duxfdc Vf6708OpEA/7pcRZF2fOLDOT3cjfwGPr6QKTnWDcd2vKSzDNr//XVHk3We8AlV0aMtQ8QtomJ6/Y hL0DaxquwPCzVaYhvps= ) ;; AUTHORITY SECTION (4 records) healthindicators.gov. 3600 IN NS ns3.cdc.gov. healthindicators.gov. 3600 IN NS ns2.cdc.gov. healthindicators.gov. 3600 IN NS ns1.cdc.gov. healthindicators.gov. 3600 IN RRSIG ( NS 7 2 3600 20181216093136 20181206085833 35595 healthindicators.gov. RRrjH37kl1kvzaMGm2xpZVmxU511hc/w18X0HfO8MuX+T4jqvh2yNbm5+nFqwyOZ44b533Rry+M6 gOqpS3ZvwJIrbnSKQFtz0PiaOb4UOw3o9sWa8G2ahPtFpvmsEjuUby/Jq2pPiPhbUXvy6kn+6KJ8 wZZt5Khw6+WjG4jTpsM= ) ;; ADDITIONAL SECTION (7 records) ns2.cdc.gov. 600 IN A 198.246.96.92 ns1.cdc.gov. 600 IN A 198.246.96.61 ns3.cdc.gov. 600 IN A 198.246.125.10 ns2.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220104310 20181210102905 2387 cdc.gov. gnleOxRpAjaodMmroQK0JJxgaX+DKkDD2lgo73syIBRCit4YLkKev209Ub1aGO55su7Yq0e6Gk0d SGqUW2HpiYjYsRzySPe2bnWk+PGB2f+2bN1Sp2E2OIuDFB6R451uN2xi+hTGTxHJLFsTpXidBtcv mYbFgZB6mU/bbvHdjTw= ) ns1.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220115330 20181210110246 2387 cdc.gov. PpAGaiie8aqNT66JZXzjaqg2ZkX75g18A+EvxLgr2z0WekMHMhNQ3UDqd7fjO255l2cZWuRLq2QV x1v3UqISPZy+/0jPXVp/QesZ16DclmS6ew/K8DlvFuyKWa/pQJ4VIq+fwvXirN7NNn+tbtJ2jDxD SfBUL/yg9DcQZYqjRuw= ) ns3.cdc.gov. 600 IN RRSIG ( A 7 3 600 20181220105125 20181210100256 2387 cdc.gov. km7c0ssRYZU0RI36cP/2rbawucMihEPC8H4AmBeK/fAlh02DT8uOSb7E/YYkajjHVZNO1D3aBQ86 PtLk6o1HOxsQ2Y0VlYWVukNe18jrUGz4F9YIolE4PRrv7YxjutBzbhomJznp9gVE+UMNWKp+VGGp prPFWOiMh9H+xdd3JbE= ) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	HEALTHINDICATORS.GOV A RR has value 64.191.212.230
	Found 1 RRSIGs over A RRset
	`healthindicators.gov. 3600 IN RRSIG ( A 7 2 3600 20181216093136 20181206085833 35595 healthindicators.gov. hNuNwrdxZh4UZyRGjZs6WyXPUitL4ClNjbCnDNRlN4CzhOJXAbq8g2I01avWqk6gVRKxc2Duxfdc Vf6708OpEA/7pcRZF2fOLDOT3cjfwGPr6QKTnWDcd2vKSzDNr//XVHk3We8AlV0aMtQ8QtomJ6/Y hL0DaxquwPCzVaYhvps= )`
	RRSIG=35595 is expired
	None of the 1 RRSIG and 2 DNSKEY records validate the A RRset
	The A RRset was not signed by any keys in the chain-of-trust

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test HEALTHINDICATORS.GOV at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: