DNSSEC Debugger - PURCHASING.GOV

Domain Name:

Time: 2026-02-23 03:26:33 UTC

Analyzing DNSSEC problems for PURCHASING.GOV

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to g.root-servers.net for ./DNSKEY
	Received 1141 bytes from 192.112.36.4
	;; Response received from [192.112.36.4] 1141 octets ;; HEADER SECTION ;; id = 46367 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20260313000000 20260220000000 20326 . JZtm46fb0oPZQLxBUHYEG5Fv0arLLlu7lUpYjsEPdGrggxWWMbB/rA0CbLCsZ0+rk84t5BvOtfPd mBDhJiDQhzJSRK8l8u0roT79KnJU81H+Hdzg+/095yK9djpihg/72I9UyJO3UU1SIdmxzriTE15z Tz/QrKKLME3vp5lBSPkggMMrRkKNW2rpL1JgD6bsXNqJLEHTfpNRGX0EbEKW9VKK27rXxXFa3r0X V2mvOrNiDOCN1nl1YTHWOkuNGxpKlv+kDwrDyGs5Z8WJb4gm47O1xOijfna5dzlEXAjqahKboJsF kMHrQdSnYG0XcTdxhAAMnQjbxDfBEeowXrOt8w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20260313000000 20260220000000 20326 . JZtm46fb0oPZQLxBUHYEG5Fv0arLLlu7lUpYjsEPdGrggxWWMbB/rA0CbLCsZ0+rk84t5BvOtfPd mBDhJiDQhzJSRK8l8u0roT79KnJU81H+Hdzg+/095yK9djpihg/72I9UyJO3UU1SIdmxzriTE15z Tz/QrKKLME3vp5lBSPkggMMrRkKNW2rpL1JgD6bsXNqJLEHTfpNRGX0EbEKW9VKK27rXxXFa3r0X V2mvOrNiDOCN1nl1YTHWOkuNGxpKlv+kDwrDyGs5Z8WJb4gm47O1xOijfna5dzlEXAjqahKboJsF kMHrQdSnYG0XcTdxhAAMnQjbxDfBEeowXrOt8w== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=38696/SEP is now in the chain-of-trust
	DNSKEY=21831 is now in the chain-of-trust
	Query to f.root-servers.net for PURCHASING.GOV/A
	Received 621 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 621 octets ;; HEADER SECTION ;; id = 33648 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) GOV. 172800 IN NS a.ns.GOV. GOV. 172800 IN NS b.ns.GOV. GOV. 172800 IN NS c.ns.GOV. GOV. 172800 IN NS d.ns.GOV. GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20260307170000 20260222160000 21831 . iNEVt90L3tqr3i4eQ07otLuJfszsqVrU+kUXbSWkPKG7P1+bo5iLGOR8nb8uHDWqO2Lwnk7OUxOd gLs7tEmLWJ/pt2ozKYp16W+jXrOVEhrrJOIcFPAvp+VIOLoQzBCX0odXeR+aTytovQWPx7OCNPxr Pxe1K+Yp71QqvPGgXJJDJ6X53yOFjpuJiRlLMe4BubrjdbaE+j5gpAONjjtD/8VWrfknPr8NYM4B g13SERdkc7OlfzkD75pVV98e1JtlNEJXI9ucCoEv6wlnpgX8lkaGIJmNz+Gz9RUlVF6fKLw0fNNt sLB6SXiw8EFQX/PgbPnWsG48aRx8tOY01qDKIA== ) ;; ADDITIONAL SECTION (9 records) a.ns.GOV. 172800 IN A 199.33.230.1 a.ns.GOV. 172800 IN AAAA 2001:503:ff40::1 b.ns.GOV. 172800 IN A 199.33.231.1 b.ns.GOV. 172800 IN AAAA 2001:503:ff41::1 c.ns.GOV. 172800 IN A 199.33.232.1 c.ns.GOV. 172800 IN AAAA 2001:503:ff42::1 d.ns.GOV. 172800 IN A 199.33.233.1 d.ns.GOV. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to i.root-servers.net for GOV/DNSKEY
	Received 616 bytes from 192.36.148.17
	;; Response received from [192.36.148.17] 616 octets ;; HEADER SECTION ;; id = 50582 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260307170000 20260222160000 21831 . iNEVt90L3tqr3i4eQ07otLuJfszsqVrU+kUXbSWkPKG7P1+bo5iLGOR8nb8uHDWqO2Lwnk7OUxOd gLs7tEmLWJ/pt2ozKYp16W+jXrOVEhrrJOIcFPAvp+VIOLoQzBCX0odXeR+aTytovQWPx7OCNPxr Pxe1K+Yp71QqvPGgXJJDJ6X53yOFjpuJiRlLMe4BubrjdbaE+j5gpAONjjtD/8VWrfknPr8NYM4B g13SERdkc7OlfzkD75pVV98e1JtlNEJXI9ucCoEv6wlnpgX8lkaGIJmNz+Gz9RUlVF6fKLw0fNNt sLB6SXiw8EFQX/PgbPnWsG48aRx8tOY01qDKIA== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Found child zone GOV

GOV

	Checking DS between . and GOV
	Query to e.root-servers.net for GOV/DS
	Received 367 bytes from 192.203.230.10
	;; Response received from [192.203.230.10] 367 octets ;; HEADER SECTION ;; id = 45061 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DS ;; ANSWER SECTION (2 records) GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) GOV. 86400 IN RRSIG ( DS 8 1 86400 20260307170000 20260222160000 21831 . iNEVt90L3tqr3i4eQ07otLuJfszsqVrU+kUXbSWkPKG7P1+bo5iLGOR8nb8uHDWqO2Lwnk7OUxOd gLs7tEmLWJ/pt2ozKYp16W+jXrOVEhrrJOIcFPAvp+VIOLoQzBCX0odXeR+aTytovQWPx7OCNPxr Pxe1K+Yp71QqvPGgXJJDJ6X53yOFjpuJiRlLMe4BubrjdbaE+j5gpAONjjtD/8VWrfknPr8NYM4B g13SERdkc7OlfzkD75pVV98e1JtlNEJXI9ucCoEv6wlnpgX8lkaGIJmNz+Gz9RUlVF6fKLw0fNNt sLB6SXiw8EFQX/PgbPnWsG48aRx8tOY01qDKIA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for GOV in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`GOV. 86400 IN RRSIG ( DS 8 1 86400 20260307170000 20260222160000 21831 . iNEVt90L3tqr3i4eQ07otLuJfszsqVrU+kUXbSWkPKG7P1+bo5iLGOR8nb8uHDWqO2Lwnk7OUxOd gLs7tEmLWJ/pt2ozKYp16W+jXrOVEhrrJOIcFPAvp+VIOLoQzBCX0odXeR+aTytovQWPx7OCNPxr Pxe1K+Yp71QqvPGgXJJDJ6X53yOFjpuJiRlLMe4BubrjdbaE+j5gpAONjjtD/8VWrfknPr8NYM4B g13SERdkc7OlfzkD75pVV98e1JtlNEJXI9ucCoEv6wlnpgX8lkaGIJmNz+Gz9RUlVF6fKLw0fNNt sLB6SXiw8EFQX/PgbPnWsG48aRx8tOY01qDKIA== )`
	RRSIG=21831 and DNSKEY=21831 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`GOV. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.gov for GOV/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 61532 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; GOV. IN DNSKEY ;; ANSWER SECTION (3 records) GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260418110625 20260216110625 2536 gov. I0iSDDCNvKVMZA6sNbu/vSpxFxExdKw4wolKgp9n5lVU+L+LLIrgFsg7MfMTRCgrMX1UDqFBsElS w+yMvE1WnQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for GOV
	`GOV. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`GOV. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`GOV. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260418110625 20260216110625 2536 gov. I0iSDDCNvKVMZA6sNbu/vSpxFxExdKw4wolKgp9n5lVU+L+LLIrgFsg7MfMTRCgrMX1UDqFBsElS w+yMvE1WnQ== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to c.ns.gov for PURCHASING.GOV/A
	Received 288 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 288 octets ;; HEADER SECTION ;; id = 44473 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 5 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (5 records) PURCHASING.GOV. 10800 IN NS dns082.usps.com. PURCHASING.GOV. 10800 IN NS dns141.usps.com. PURCHASING.GOV. 3600 IN DS ( 37156 7 2 6e6fc46055af430f4a4dae0282934030072a834cd9cd5577ceebd1a216c3b580 ) PURCHASING.GOV. 3600 IN DS ( 63738 7 2 0392b07e31a183e8df502b7c74bbdd58720565cd4107afefd3520507ef724fe2 ) PURCHASING.GOV. 3600 IN RRSIG ( DS 13 2 3600 20260224042633 20260222022633 35496 gov. I5QXFuymua6H6Vy76uIUCptWsA4iJlC1tjhWyXlTfJCFHLbHejBy14BbfyX4wuUAEXa8N8wGS3gf x4V69ys7ig== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to d.ns.gov for PURCHASING.GOV/DNSKEY
	Received 288 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 288 octets ;; HEADER SECTION ;; id = 40698 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 5 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (5 records) PURCHASING.GOV. 10800 IN NS dns082.usps.com. PURCHASING.GOV. 10800 IN NS dns141.usps.com. PURCHASING.GOV. 3600 IN DS ( 37156 7 2 6e6fc46055af430f4a4dae0282934030072a834cd9cd5577ceebd1a216c3b580 ) PURCHASING.GOV. 3600 IN DS ( 63738 7 2 0392b07e31a183e8df502b7c74bbdd58720565cd4107afefd3520507ef724fe2 ) PURCHASING.GOV. 3600 IN RRSIG ( DS 13 2 3600 20260224042633 20260222022633 35496 gov. /n6nSvimUgLY2IevYxMZ1xvJH6E+CdhlMwya809fkGaLD0g0r4zvWPJbRMwk9+BWsWOBjmSHmQOy ma/AKKZoiw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found child zone PURCHASING.GOV

PURCHASING.GOV

	Checking DS between GOV and PURCHASING.GOV
	Query to b.ns.gov for PURCHASING.GOV/DS
	Received 238 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 238 octets ;; HEADER SECTION ;; id = 53877 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN DS ;; ANSWER SECTION (3 records) PURCHASING.GOV. 3600 IN DS ( 37156 7 2 6e6fc46055af430f4a4dae0282934030072a834cd9cd5577ceebd1a216c3b580 ) PURCHASING.GOV. 3600 IN DS ( 63738 7 2 0392b07e31a183e8df502b7c74bbdd58720565cd4107afefd3520507ef724fe2 ) PURCHASING.GOV. 3600 IN RRSIG ( DS 13 2 3600 20260224042633 20260222022633 35496 gov. XWwixSj4DhCAwwGG0ovSbFFqrrIbZ7u8O/LOm+79OTrs6wYQBTO06HwiybQkkHPlgcMLy8Dym8nt D+tEU06wwg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DS records for PURCHASING.GOV in the GOV zone
	DS=37156/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=63738/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	Found 1 RRSIGs over DS RRset
	`PURCHASING.GOV. 3600 IN RRSIG ( DS 13 2 3600 20260224042633 20260222022633 35496 gov. XWwixSj4DhCAwwGG0ovSbFFqrrIbZ7u8O/LOm+79OTrs6wYQBTO06HwiybQkkHPlgcMLy8Dym8nt D+tEU06wwg== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=37156/SHA-256 is now in the chain-of-trust
	DS=63738/SHA-256 is now in the chain-of-trust
	`PURCHASING.GOV. 3600 IN DS ( 37156 7 2 6e6fc46055af430f4a4dae0282934030072a834cd9cd5577ceebd1a216c3b580 )`
	`PURCHASING.GOV. 3600 IN DS ( 63738 7 2 0392b07e31a183e8df502b7c74bbdd58720565cd4107afefd3520507ef724fe2 )`
	Query to dns141.usps.com for PURCHASING.GOV/DNSKEY
	Received 1105 bytes from 56.0.141.25
	;; Response received from [56.0.141.25] 1105 octets ;; HEADER SECTION ;; id = 11853 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN DNSKEY ;; ANSWER SECTION (5 records) purchasing.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAZL4rMVevVJWuAVpTTJwG2H0Z5fWAoBwZOZ7YXDl1qugJg6DVEBpe8t0/4lo4aOX8mtm2VK5 0Z0UYJ1MDh0GTSmEFf3XB1kr+hpOZulI3D7KDkhmtwoEm9Ybjfia0F7OGDVUMlz2EoljIr1H/Jxn x5pKVnfCecUI3MICDv9mDRDF ) ; keytag 40352 purchasing.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAdq6lpJXUx1HfuFDHCquDOUAj+InGZl0aHuKpgIf9589j0ifGQrcBJsorj4JFG6iYqi91xbs vt0DPTPeEaaNLPrDbcOGhNr84lcrsbKcNNq9dmT9nONbLk+qpyx+0tHi/+vjOs1jZEzzwldlPrhq UjdxxV+eb4c3I7V5wHm/fFVLM21tum5EdyueaTl57lXx19bYZ8zmhnHRJKgKRRBOElLw4za2Jcro 1qvGW5HcWoPPXf2OSFSjrcy0Ug6JvfNUo4v7UYzRiP0yWPTWsCcUuA/7I1wXZAh2G8qlSXu/BjCS 2fJ+N/l2Vu10y6EfuoXFodxW1AsqMlAh/oCKPb1k9XU= ) ; keytag 37156 purchasing.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAaJlc3yYQC50Teko+KLH0l8HEdKKjho3XcYK29KZKieVWkxqc/cphAGoqIarFmjsVNKgxo6G EwMYHY6TgIg2PdRqzmGwx43/C8fDrvlBtj5QpUddBKjKisn/pOFya4gYu07Yagy3FUXlaCDptZne oDwDDSm6WsHd6S9rICfa+L0F ) ; keytag 37047 purchasing.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260302052137 20260220051637 37156 purchasing.gov. 0mtmlMa7gPHNaIsXSu6hMZiqAOCiA8LmFJRkiQ4LnEuOnULwEvfsX0TTnleaZx3E248MC/XO+GFF q62ySYe7MUZdYhuICOfer5hhGhJwIZXrkrwkoTIUS2x+vZfzCa+fTTMZYxmCPXVl107kquT3tAOX mY3RVqWZkUKR2I7adglXpV63NIgnvF9FalUd88uryu941t4XjHPyDwP2MC6tUaqVRNJtPYQVMT5w iyWM2Pi23Oc5ISVbIKYsJ/o2M2XJ9II+5u16GaIq4N+K4mbnrGXb2Gl7oBBNo0s/1GRsHIqjrbLr LaVrWydhOM48mVYX3hQ6HXbA2jdlvz/R1UDpjw== ) purchasing.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. HEzglQkzNrSH2ILPdsh0jKoKMV5KbjFN5kXm/fu3jfEN7u5cwIsbncYHTlOKsmmi1tT4rQgzWV6A Ic5+CDyvSMaw5xR8Whj3yFibsYUargtB8VuuW7+fY6k/xJvkrEaEklQ7Qqn6lkSJvQZR++BF3ntV P6zn+8ziTYtsc7MUpRY= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for PURCHASING.GOV
	`purchasing.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAZL4rMVevVJWuAVpTTJwG2H0Z5fWAoBwZOZ7YXDl1qugJg6DVEBpe8t0/4lo4aOX8mtm2VK5 0Z0UYJ1MDh0GTSmEFf3XB1kr+hpOZulI3D7KDkhmtwoEm9Ybjfia0F7OGDVUMlz2EoljIr1H/Jxn x5pKVnfCecUI3MICDv9mDRDF ) ; keytag 40352`
	`purchasing.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAdq6lpJXUx1HfuFDHCquDOUAj+InGZl0aHuKpgIf9589j0ifGQrcBJsorj4JFG6iYqi91xbs vt0DPTPeEaaNLPrDbcOGhNr84lcrsbKcNNq9dmT9nONbLk+qpyx+0tHi/+vjOs1jZEzzwldlPrhq UjdxxV+eb4c3I7V5wHm/fFVLM21tum5EdyueaTl57lXx19bYZ8zmhnHRJKgKRRBOElLw4za2Jcro 1qvGW5HcWoPPXf2OSFSjrcy0Ug6JvfNUo4v7UYzRiP0yWPTWsCcUuA/7I1wXZAh2G8qlSXu/BjCS 2fJ+N/l2Vu10y6EfuoXFodxW1AsqMlAh/oCKPb1k9XU= ) ; keytag 37156`
	`purchasing.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAaJlc3yYQC50Teko+KLH0l8HEdKKjho3XcYK29KZKieVWkxqc/cphAGoqIarFmjsVNKgxo6G EwMYHY6TgIg2PdRqzmGwx43/C8fDrvlBtj5QpUddBKjKisn/pOFya4gYu07Yagy3FUXlaCDptZne oDwDDSm6WsHd6S9rICfa+L0F ) ; keytag 37047`
	DNSKEY=37156/SEP is now in the chain-of-trust
	DS=37156/SHA-256 verifies DNSKEY=37156/SEP
	DS=63738/SHA-256 is published, but a corresponding DNSKEY is not
	Found 2 RRSIGs over DNSKEY RRset
	`purchasing.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260302052137 20260220051637 37156 purchasing.gov. 0mtmlMa7gPHNaIsXSu6hMZiqAOCiA8LmFJRkiQ4LnEuOnULwEvfsX0TTnleaZx3E248MC/XO+GFF q62ySYe7MUZdYhuICOfer5hhGhJwIZXrkrwkoTIUS2x+vZfzCa+fTTMZYxmCPXVl107kquT3tAOX mY3RVqWZkUKR2I7adglXpV63NIgnvF9FalUd88uryu941t4XjHPyDwP2MC6tUaqVRNJtPYQVMT5w iyWM2Pi23Oc5ISVbIKYsJ/o2M2XJ9II+5u16GaIq4N+K4mbnrGXb2Gl7oBBNo0s/1GRsHIqjrbLr LaVrWydhOM48mVYX3hQ6HXbA2jdlvz/R1UDpjw== )`
	`purchasing.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. HEzglQkzNrSH2ILPdsh0jKoKMV5KbjFN5kXm/fu3jfEN7u5cwIsbncYHTlOKsmmi1tT4rQgzWV6A Ic5+CDyvSMaw5xR8Whj3yFibsYUargtB8VuuW7+fY6k/xJvkrEaEklQ7Qqn6lkSJvQZR++BF3ntV P6zn+8ziTYtsc7MUpRY= )`
	RRSIG=37156 and DNSKEY=37156/SEP does not verify the DNSKEY RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	RRSIG=40352 and DNSKEY=40352 does not verify the DNSKEY RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	None of the 2 RRSIG and 3 DNSKEY records validate the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to dns141.usps.com for PURCHASING.GOV/A
	Received 477 bytes from 56.0.141.25
	;; Response received from [56.0.141.25] 477 octets ;; HEADER SECTION ;; id = 1892 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 3 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ;; {"EXTENDED-ERROR": {"ERROR": "Prohibited", "EXTRA-TEXT": "", "INFO-CODE": 18}} ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN A ;; ANSWER SECTION (2 records) purchasing.gov. 3600 IN A 56.0.133.28 purchasing.gov. 3600 IN RRSIG ( A 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. FPxLcGCBihL7zE82x2Gj1PPF2pLU1ek0YxGCURPw9wKSAv5atmZcPla7d/4buRFmQvnh8NbfB4Bp XJ3d0jPwsGPczdZ9O7nV7MKn6gQXIIx+Vg23r5o9PrG3IHlIvanux9R7qpzq3agdRRlyxEHwLGkL 0uF9KYs5S3ts3QFNl0w= ) ;; AUTHORITY SECTION (3 records) purchasing.gov. 3600 IN NS dns141.usps.com. purchasing.gov. 3600 IN NS dns082.usps.com. purchasing.gov. 3600 IN RRSIG ( NS 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. hp6jqhDD2w7zXoCYlaNy4aUrw8wSJuwGtLf4gsp47NfpE65+29IysGARao7mNGpB8Xt8xdCtWwMw esbHYwFOkZxXb8P9ZB44QxEFvOggMWWBYIU0PAs5sYjrwn5WB2jn2fliT1rOTvgOhGt25ii0TWiy G28VdAHx587javikcE0= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns141.usps.com is authoritative for PURCHASING.GOV
	Found RRSIG signed by purchasing.gov zone
	Query to dns082.usps.com for PURCHASING.GOV/SOA
	Received 523 bytes from 56.0.82.25
	;; Response received from [56.0.82.25] 523 octets ;; HEADER SECTION ;; id = 37375 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 3 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ;; {"EXTENDED-ERROR": {"ERROR": "Prohibited", "EXTRA-TEXT": "", "INFO-CODE": 18}} ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN SOA ;; ANSWER SECTION (2 records) purchasing.gov. 3600 IN SOA ( dns141.usps.com. domainadmin.imail.usps.gov. 790557698 ;serial 3600 ;refresh 1800 ;retry 1209600 ;expire 1800 ;minimum ) purchasing.gov. 3600 IN RRSIG ( SOA 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. Gj7QwANc1PSCOEzzTPgMXguwlaHIWs368IJnqPWHpmDuPRoSgs2WX/9wKfDD6q+e8OvVbhnc9bOz aJJnSgxoyq8KYeobh56CuACwiLk1PdcvO+U7HY+vX4fTTkqqyMG0iVmowxHfeYNJhhiR/WV8OwgY Y534StsDMCfT3wghSqM= ) ;; AUTHORITY SECTION (3 records) purchasing.gov. 3600 IN NS dns141.usps.com. purchasing.gov. 3600 IN NS dns082.usps.com. purchasing.gov. 3600 IN RRSIG ( NS 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. hp6jqhDD2w7zXoCYlaNy4aUrw8wSJuwGtLf4gsp47NfpE65+29IysGARao7mNGpB8Xt8xdCtWwMw esbHYwFOkZxXb8P9ZB44QxEFvOggMWWBYIU0PAs5sYjrwn5WB2jn2fliT1rOTvgOhGt25ii0TWiy G28VdAHx587javikcE0= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns141.usps.com for PURCHASING.GOV/A
	Received 477 bytes from 56.0.141.25
	;; Response received from [56.0.141.25] 477 octets ;; HEADER SECTION ;; id = 42566 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 3 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ;; {"EXTENDED-ERROR": {"ERROR": "Prohibited", "EXTRA-TEXT": "", "INFO-CODE": 18}} ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN A ;; ANSWER SECTION (2 records) purchasing.gov. 3600 IN A 56.0.133.28 purchasing.gov. 3600 IN RRSIG ( A 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. FPxLcGCBihL7zE82x2Gj1PPF2pLU1ek0YxGCURPw9wKSAv5atmZcPla7d/4buRFmQvnh8NbfB4Bp XJ3d0jPwsGPczdZ9O7nV7MKn6gQXIIx+Vg23r5o9PrG3IHlIvanux9R7qpzq3agdRRlyxEHwLGkL 0uF9KYs5S3ts3QFNl0w= ) ;; AUTHORITY SECTION (3 records) purchasing.gov. 3600 IN NS dns082.usps.com. purchasing.gov. 3600 IN NS dns141.usps.com. purchasing.gov. 3600 IN RRSIG ( NS 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. hp6jqhDD2w7zXoCYlaNy4aUrw8wSJuwGtLf4gsp47NfpE65+29IysGARao7mNGpB8Xt8xdCtWwMw esbHYwFOkZxXb8P9ZB44QxEFvOggMWWBYIU0PAs5sYjrwn5WB2jn2fliT1rOTvgOhGt25ii0TWiy G28VdAHx587javikcE0= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	PURCHASING.GOV A RR has value 56.0.133.28
	Found 1 RRSIGs over A RRset
	`purchasing.gov. 3600 IN RRSIG ( A 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. FPxLcGCBihL7zE82x2Gj1PPF2pLU1ek0YxGCURPw9wKSAv5atmZcPla7d/4buRFmQvnh8NbfB4Bp XJ3d0jPwsGPczdZ9O7nV7MKn6gQXIIx+Vg23r5o9PrG3IHlIvanux9R7qpzq3agdRRlyxEHwLGkL 0uF9KYs5S3ts3QFNl0w= )`
	RRSIG=40352 and DNSKEY=40352 does not verify the A RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	None of the 1 RRSIG and 3 DNSKEY records validate the A RRset

PURCHASING.GOV

	Query to dns082.usps.com for PURCHASING.GOV/A
	Received 477 bytes from 56.0.82.25
	;; Response received from [56.0.82.25] 477 octets ;; HEADER SECTION ;; id = 54346 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 3 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ;; {"EXTENDED-ERROR": {"ERROR": "Prohibited", "EXTRA-TEXT": "", "INFO-CODE": 18}} ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN A ;; ANSWER SECTION (2 records) purchasing.gov. 3600 IN A 56.0.133.28 purchasing.gov. 3600 IN RRSIG ( A 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. FPxLcGCBihL7zE82x2Gj1PPF2pLU1ek0YxGCURPw9wKSAv5atmZcPla7d/4buRFmQvnh8NbfB4Bp XJ3d0jPwsGPczdZ9O7nV7MKn6gQXIIx+Vg23r5o9PrG3IHlIvanux9R7qpzq3agdRRlyxEHwLGkL 0uF9KYs5S3ts3QFNl0w= ) ;; AUTHORITY SECTION (3 records) purchasing.gov. 3600 IN NS dns141.usps.com. purchasing.gov. 3600 IN NS dns082.usps.com. purchasing.gov. 3600 IN RRSIG ( NS 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. hp6jqhDD2w7zXoCYlaNy4aUrw8wSJuwGtLf4gsp47NfpE65+29IysGARao7mNGpB8Xt8xdCtWwMw esbHYwFOkZxXb8P9ZB44QxEFvOggMWWBYIU0PAs5sYjrwn5WB2jn2fliT1rOTvgOhGt25ii0TWiy G28VdAHx587javikcE0= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns082.usps.com is authoritative for PURCHASING.GOV
	Found RRSIG signed by purchasing.gov zone
	Query to dns082.usps.com for PURCHASING.GOV/A
	Received 477 bytes from 56.0.82.25
	;; Response received from [56.0.82.25] 477 octets ;; HEADER SECTION ;; id = 14019 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 3 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ;; {"EXTENDED-ERROR": {"ERROR": "Prohibited", "EXTRA-TEXT": "", "INFO-CODE": 18}} ] ;; } ;; QUESTION SECTION (1 record) ;; PURCHASING.GOV. IN A ;; ANSWER SECTION (2 records) purchasing.gov. 3600 IN A 56.0.133.28 purchasing.gov. 3600 IN RRSIG ( A 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. FPxLcGCBihL7zE82x2Gj1PPF2pLU1ek0YxGCURPw9wKSAv5atmZcPla7d/4buRFmQvnh8NbfB4Bp XJ3d0jPwsGPczdZ9O7nV7MKn6gQXIIx+Vg23r5o9PrG3IHlIvanux9R7qpzq3agdRRlyxEHwLGkL 0uF9KYs5S3ts3QFNl0w= ) ;; AUTHORITY SECTION (3 records) purchasing.gov. 3600 IN NS dns082.usps.com. purchasing.gov. 3600 IN NS dns141.usps.com. purchasing.gov. 3600 IN RRSIG ( NS 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. hp6jqhDD2w7zXoCYlaNy4aUrw8wSJuwGtLf4gsp47NfpE65+29IysGARao7mNGpB8Xt8xdCtWwMw esbHYwFOkZxXb8P9ZB44QxEFvOggMWWBYIU0PAs5sYjrwn5WB2jn2fliT1rOTvgOhGt25ii0TWiy G28VdAHx587javikcE0= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	PURCHASING.GOV A RR has value 56.0.133.28
	Found 1 RRSIGs over A RRset
	`purchasing.gov. 3600 IN RRSIG ( A 7 2 3600 20260302052137 20260220051637 40352 purchasing.gov. FPxLcGCBihL7zE82x2Gj1PPF2pLU1ek0YxGCURPw9wKSAv5atmZcPla7d/4buRFmQvnh8NbfB4Bp XJ3d0jPwsGPczdZ9O7nV7MKn6gQXIIx+Vg23r5o9PrG3IHlIvanux9R7qpzq3agdRRlyxEHwLGkL 0uF9KYs5S3ts3QFNl0w= )`
	RRSIG=40352 and DNSKEY=40352 does not verify the A RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	None of the 1 RRSIG and 3 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test PURCHASING.GOV at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: