DNSSEC Analyzer

Domain Name:

Time: 2022-01-21 08:48:18 UTC, NTP stratum 16

Analyzing DNSSEC problems for adf.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to d.root-servers.net for ./DNSKEY
	Received 864 bytes from 199.7.91.13
	;; Response received from 199.7.91.13 (864 octets) ;; HEADER SECTION ;; id = 22003 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAZym4HCWiTAAl2Mv1izgTyn9sKwgi5eBxpG29bVlefq/r+TGCtmUElvFyBWHRjvf9mBglIlT BRse22dvzNOI+cYrkjD6LOHuxMoc/d4WtXWKdviNmrtWF2GpjmDOI98gLd4BZ0U/lY847mJP9Lyp FABZcEn3zM3vce4Ee1A3upSlFQ2TFyJSD9HvMnP4XneFexBxV96RpLcy2O+u2W6ChIiDCjlrowPC cU3zXfXxyWy/VKM6TOa8gNf+aKaVkcv/eIh5er8rrsqAi9KT8O5hmhzYLkUOQEXVSRORV0RMt9l3 JSwWxT1MebEDvtfBag3uo+mZwWSFlpc9kuzyWBd72Ec= ) ; Key ID = 9799 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20220211000000 20220121000000 20326 . om3IP7/pygJB+wAMHkUGb9wieFct9IztEoinwqlY+w3h34cFTih1NRAjBpdu7y3xMpp4LMRfyUYE 3MGDFi58upW6qY0sM8TBFXzPhBZitqLJM2sB07UHe0rstrbSvdq+9IAbXFkK6mRhtREggvleuRYH X/SnVW9QPHv8jxrZJDkNRYmW9NiwJoRwvI53v2BklBBe9P8Q61edXydlX9KsHJYqw4DF8FdpfE3o ajN0vnIwMWFpTJYXbOnPjAwf/SntpUxYawFYDssksaLl56kP/440O2F/tdIjdtwnBS2lMGrLASSe IT4VJmQI8Gm2RCHzN49Nywct3SbcpUuWJoZCEQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option:
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAZym4HCWiTAAl2Mv1izgTyn9sKwgi5eBxpG29bVlefq/r+TGCtmUElvFyBWHRjvf9mBglIlT BRse22dvzNOI+cYrkjD6LOHuxMoc/d4WtXWKdviNmrtWF2GpjmDOI98gLd4BZ0U/lY847mJP9Lyp FABZcEn3zM3vce4Ee1A3upSlFQ2TFyJSD9HvMnP4XneFexBxV96RpLcy2O+u2W6ChIiDCjlrowPC cU3zXfXxyWy/VKM6TOa8gNf+aKaVkcv/eIh5er8rrsqAi9KT8O5hmhzYLkUOQEXVSRORV0RMt9l3 JSwWxT1MebEDvtfBag3uo+mZwWSFlpc9kuzyWBd72Ec= ) ; Key ID = 9799`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20220211000000 20220121000000 20326 . om3IP7/pygJB+wAMHkUGb9wieFct9IztEoinwqlY+w3h34cFTih1NRAjBpdu7y3xMpp4LMRfyUYE 3MGDFi58upW6qY0sM8TBFXzPhBZitqLJM2sB07UHe0rstrbSvdq+9IAbXFkK6mRhtREggvleuRYH X/SnVW9QPHv8jxrZJDkNRYmW9NiwJoRwvI53v2BklBBe9P8Q61edXydlX9KsHJYqw4DF8FdpfE3o ajN0vnIwMWFpTJYXbOnPjAwf/SntpUxYawFYDssksaLl56kP/440O2F/tdIjdtwnBS2lMGrLASSe IT4VJmQI8Gm2RCHzN49Nywct3SbcpUuWJoZCEQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=9799 is now in the chain-of-trust
	Query to m.root-servers.net for adf.gov/A
	Received 626 bytes from 202.12.27.33
	;; Response received from 202.12.27.33 (626 octets) ;; HEADER SECTION ;; id = 62525 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20220203050000 20220121040000 9799 . QYZBwkOE78sziVDiZS/PIG7elXDeJChPlRas01dMaG2oddT/3DNeLkMZeuaZDGMwRlSxTIxxfwMO t7pKW2gxqTZO9Azxb4kgXVkWHaRZlQy1kMwQHRj7PWwafjT/nxyKDK2lf0xy1Q46RrgFGclx2vNq S07G6URIinnWj95Vbu1TwxVwFEc6M7pwgM7ofrt9O4giToHvOeCVvm/ALa8MFAp4L1J33A2mpg2x x9x3OOiwfxtPtQLbboWoHPkGmK17mvwwG31x8znPcED8Nc6CSZubqQmJ+1RaMnn3vK/Wfoj3lH0V Nwyonc6u4b0E3dY4enCpLaKWdwC+V8+H2YEO7g== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 b.gov-servers.net. 172800 IN A 209.112.123.30 c.gov-servers.net. 172800 IN A 69.36.153.30 d.gov-servers.net. 172800 IN A 81.19.194.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to d.root-servers.net for gov/DNSKEY
	Received 622 bytes from 199.7.91.13
	;; Response received from 199.7.91.13 (622 octets) ;; HEADER SECTION ;; id = 24841 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20220203050000 20220121040000 9799 . QYZBwkOE78sziVDiZS/PIG7elXDeJChPlRas01dMaG2oddT/3DNeLkMZeuaZDGMwRlSxTIxxfwMO t7pKW2gxqTZO9Azxb4kgXVkWHaRZlQy1kMwQHRj7PWwafjT/nxyKDK2lf0xy1Q46RrgFGclx2vNq S07G6URIinnWj95Vbu1TwxVwFEc6M7pwgM7ofrt9O4giToHvOeCVvm/ALa8MFAp4L1J33A2mpg2x x9x3OOiwfxtPtQLbboWoHPkGmK17mvwwG31x8znPcED8Nc6CSZubqQmJ+1RaMnn3vK/Wfoj3lH0V Nwyonc6u4b0E3dY4enCpLaKWdwC+V8+H2YEO7g== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 b.gov-servers.net. 172800 IN A 209.112.123.30 c.gov-servers.net. 172800 IN A 69.36.153.30 d.gov-servers.net. 172800 IN A 81.19.194.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option:
	Found child zone gov

gov

	Checking DS between . and gov
	Query to d.root-servers.net for gov/DS
	Received 367 bytes from 199.7.91.13
	;; Response received from 199.7.91.13 (367 octets) ;; HEADER SECTION ;; id = 25646 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20220203050000 20220121040000 9799 . QYZBwkOE78sziVDiZS/PIG7elXDeJChPlRas01dMaG2oddT/3DNeLkMZeuaZDGMwRlSxTIxxfwMO t7pKW2gxqTZO9Azxb4kgXVkWHaRZlQy1kMwQHRj7PWwafjT/nxyKDK2lf0xy1Q46RrgFGclx2vNq S07G6URIinnWj95Vbu1TwxVwFEc6M7pwgM7ofrt9O4giToHvOeCVvm/ALa8MFAp4L1J33A2mpg2x x9x3OOiwfxtPtQLbboWoHPkGmK17mvwwG31x8znPcED8Nc6CSZubqQmJ+1RaMnn3vK/Wfoj3lH0V Nwyonc6u4b0E3dY4enCpLaKWdwC+V8+H2YEO7g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option:
	Found 1 DS records for gov in the . zone
	DS=7698/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20220203050000 20220121040000 9799 . QYZBwkOE78sziVDiZS/PIG7elXDeJChPlRas01dMaG2oddT/3DNeLkMZeuaZDGMwRlSxTIxxfwMO t7pKW2gxqTZO9Azxb4kgXVkWHaRZlQy1kMwQHRj7PWwafjT/nxyKDK2lf0xy1Q46RrgFGclx2vNq S07G6URIinnWj95Vbu1TwxVwFEc6M7pwgM7ofrt9O4giToHvOeCVvm/ALa8MFAp4L1J33A2mpg2x x9x3OOiwfxtPtQLbboWoHPkGmK17mvwwG31x8znPcED8Nc6CSZubqQmJ+1RaMnn3vK/Wfoj3lH0V Nwyonc6u4b0E3dY4enCpLaKWdwC+V8+H2YEO7g== )`
	RRSIG=9799 and DNSKEY=9799 verifies the DS RRset
	DS=7698/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 )`
	Query to d.gov-servers.net for gov/DNSKEY
	Received 777 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (777 octets) ;; HEADER SECTION ;; id = 61392 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcrxKCBVgdzZoceapYfTSdA4A/hRgr01fMqkfcWXPOlSzVxUCJJL/k5ZhtOzmrzpO4RAI+yz DhlVtXF+aXJK1UGIrPT1FCrF5fMup0TBnPCYATjz0BIn+jzCLRyxljwUw11AMYvzYLdF+O0YxbzE XOM+oydCOTbJRWZKKXtG80bZvRwcaa3tqyaPJoNrAaQAQojLHiMrtOmEdjIb2TTx95s= ) ; Key ID = 7030 gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698 gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20220203200254 20220119195754 7698 gov. krNKH8YoFOOvIraLx75fDnwyRV1mFV0P3N46gcG5rKurxZzjK+zZx+YWwNDjvnSss3ju//rZXJQF SznBdg/q00S7YItRCOkVniNy26aVhZqeoywyrkBCVEo4hjOiRn87Mmj3p9pbM45FZib72itC7MCc jbx/dOKC0C4OQTNDXjqE+5zdx84CVPKwVE81gxl3UQfX27FcOUkdCQScD7dQyQbUkb23s1ephHWQ p4mLmyR0yo601uP05Apo7Gxr8vTcx9BcNQdbvj3X6tzpx330kkPcLSbQcEhxqDbqXQzxa7UwCcUr ZjoT7fAetOTRunxwG61xWtMtRC4KlhLlEYaYiA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for gov
	`gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcrxKCBVgdzZoceapYfTSdA4A/hRgr01fMqkfcWXPOlSzVxUCJJL/k5ZhtOzmrzpO4RAI+yz DhlVtXF+aXJK1UGIrPT1FCrF5fMup0TBnPCYATjz0BIn+jzCLRyxljwUw11AMYvzYLdF+O0YxbzE XOM+oydCOTbJRWZKKXtG80bZvRwcaa3tqyaPJoNrAaQAQojLHiMrtOmEdjIb2TTx95s= ) ; Key ID = 7030`
	`gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698`
	DNSKEY=7698/SEP is now in the chain-of-trust
	DS=7698/SHA-256 verifies DNSKEY=7698/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20220203200254 20220119195754 7698 gov. krNKH8YoFOOvIraLx75fDnwyRV1mFV0P3N46gcG5rKurxZzjK+zZx+YWwNDjvnSss3ju//rZXJQF SznBdg/q00S7YItRCOkVniNy26aVhZqeoywyrkBCVEo4hjOiRn87Mmj3p9pbM45FZib72itC7MCc jbx/dOKC0C4OQTNDXjqE+5zdx84CVPKwVE81gxl3UQfX27FcOUkdCQScD7dQyQbUkb23s1ephHWQ p4mLmyR0yo601uP05Apo7Gxr8vTcx9BcNQdbvj3X6tzpx330kkPcLSbQcEhxqDbqXQzxa7UwCcUr ZjoT7fAetOTRunxwG61xWtMtRC4KlhLlEYaYiA== )`
	RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
	DNSKEY=7030 is now in the chain-of-trust
	Query to c.gov-servers.net for adf.gov/A
	Received 500 bytes from 69.36.153.30
	;; Response received from 69.36.153.30 (500 octets) ;; HEADER SECTION ;; id = 36132 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 86400 IN NS auth111.ns.uu.net. adf.gov. 86400 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20220126064149 20220119064149 7030 gov. Q7Sd8Rdmd1kkIphQO76bUnU38SxOCQwyDLHxEA6qSX/3OzmBJ0Cnlv09OcupflWOmh7ar98wEOb6 Eg1CWCiYq33vnO/urDujiBy6J2OVE9aQL0HdhTDYNgyeKr9rbqO9rrDRwMRJq0ljUKe405AqMl70 t6h7SxM7ottU4IuYIN3EPzV2AC07VX8xkHL6s+Xs/11HukIGI6jamk0MtYj68w== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to d.gov-servers.net for adf.gov/DNSKEY
	Received 500 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (500 octets) ;; HEADER SECTION ;; id = 50849 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 86400 IN NS auth111.ns.uu.net. adf.gov. 86400 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20220126064149 20220119064149 7030 gov. Q7Sd8Rdmd1kkIphQO76bUnU38SxOCQwyDLHxEA6qSX/3OzmBJ0Cnlv09OcupflWOmh7ar98wEOb6 Eg1CWCiYq33vnO/urDujiBy6J2OVE9aQL0HdhTDYNgyeKr9rbqO9rrDRwMRJq0ljUKe405AqMl70 t6h7SxM7ottU4IuYIN3EPzV2AC07VX8xkHL6s+Xs/11HukIGI6jamk0MtYj68w== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone adf.gov

adf.gov

	Checking DS between gov and adf.gov
	Query to d.gov-servers.net for adf.gov/DS
	Received 447 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (447 octets) ;; HEADER SECTION ;; id = 3124 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DS ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20220126064149 20220119064149 7030 gov. Q7Sd8Rdmd1kkIphQO76bUnU38SxOCQwyDLHxEA6qSX/3OzmBJ0Cnlv09OcupflWOmh7ar98wEOb6 Eg1CWCiYq33vnO/urDujiBy6J2OVE9aQL0HdhTDYNgyeKr9rbqO9rrDRwMRJq0ljUKe405AqMl70 t6h7SxM7ottU4IuYIN3EPzV2AC07VX8xkHL6s+Xs/11HukIGI6jamk0MtYj68w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 5 DS records for adf.gov in the gov zone
	DS=16281/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
	DS=51142/SHA-1 has algorithm RSASHA1
	DS=56043/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=16281/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=51142/SHA-256 has algorithm RSASHA1
	Found 1 RRSIGs over DS RRset
	`adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20220126064149 20220119064149 7030 gov. Q7Sd8Rdmd1kkIphQO76bUnU38SxOCQwyDLHxEA6qSX/3OzmBJ0Cnlv09OcupflWOmh7ar98wEOb6 Eg1CWCiYq33vnO/urDujiBy6J2OVE9aQL0HdhTDYNgyeKr9rbqO9rrDRwMRJq0ljUKe405AqMl70 t6h7SxM7ottU4IuYIN3EPzV2AC07VX8xkHL6s+Xs/11HukIGI6jamk0MtYj68w== )`
	RRSIG=7030 and DNSKEY=7030 verifies the DS RRset
	DS=16281/SHA-1 is now in the chain-of-trust
	DS=51142/SHA-1 is now in the chain-of-trust
	DS=56043/SHA-256 is now in the chain-of-trust
	`adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77`
	`adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a`
	`adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba )`
	`adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf )`
	`adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc )`
	Query to auth120.ns.uu.net for adf.gov/DNSKEY
	Received 1730 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (1730 octets) ;; HEADER SECTION ;; id = 24997 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAeSsAOIUzybxSmBM6Fu7R2JJUuQDa9I7GMeeZv72FnUVaDK5pmAhdUmrBalieaWXJbvlllvc k8q8NKQbmvvYiGUK+RU90PgB0P6z6q8GVLKU0kEXIPDz5XZ4NAAFXN3eXnQoulUgR9mSoRXOyh1s xr3aGSh4cIAhBhRdjFMhnhqLrTfxfmW7rje9aoS0NGwxig/OVgB/Vx+wqzlpn+ccR8HFIWQ4cxLd aTqlRb5BQ1ZqnxE5KM6WxYBuc/GrZDKVjI9v2Tw8s5DAT2wNswpYYpgCkyqfSSzZLVifNLvUYJqI sLDS+3cjP+aP68Ol7NzVT+ypp77S4FkuN3ARCDOWZWc= ) ; Key ID = 11000 adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAb/R73X1THWayi4fR0lokZ3maLUESaPX2XYcgWB3bXZdjiLJL7wVzudu1zuBPF1/+V8Jo5Rg Vu81N1jTe20uSVxGnJo4WAudYywOyD4flnsP9FGZx3gqJgSmOvTzjRpBKxI7Vbvvo6Z//+FTMWLH Yis0HmkERELfc4VzRU14i9+rKq4zo7tBwKJddZVXA/SQsxkUUbEsWnY65K4LPtpH6FAtJW7quF+P vD5/vlKqwkOt2fF1zMjgHD4d/eZybRcAzxZJiUCPWuZpgw1T1juCrHsDIeL/fmKzatEl6HAA1CSF wLCpWGl40dwkp79bWxJ2cJtdyUbg51KtKuHlENE/D8E= ) ; Key ID = 8349 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAZv/YF3xN+uVuzBvIRcFgnXUlZYNaTuG5GQbsKp67eopGAeoEhjh7QLd1YeOvtjk30Q4VD+0 Sg4sxfvXj6DM7JyN9G7HoXOaxPPELVpbliZQBZj1n+GuixgTiIttFZ39QMuVfqEp2HDw0BWa0t/0 bZssW0+vHW2SubEmhNfJRc4dz+SCF62fA3MhrHSy5At9mC3OS1JpbH2EwUaGF8bgQXs25Ha09LlE nFuP3m3//binncK1jmFJwSopgcO96YrRiw5Hxl14+vIKmg2apjb/3H21sdccEbrml1dq+cgkuOb1 I5GMLF9eFc1J7T/uqd6gw1dipWt+u5XZVHiCplqTPRE= ) ; Key ID = 57454 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAXJb1/vnMui8aaORbjLiWF44GbSsjECA3j1vP5sn1F+BbAXdkAxs7u6VODXpFknWDoOKqvN+ zb7PAaXdoqw8R2J+CznSuzEaZpi8AdUcKYPvd6RUB1d1TO57cxBRKCL15Mb1t3WqrO1qDa4M5Vpl oSa9FLWPGFXgUA6GG6/83Qc/Ei+RJgCvfg1LqbqDCOr+tsGIHurFywZpaWrELlRpnbcjQaAXM+W8 pefNp5w/H4LhFUxeNsGi5Mo6d2GpVKmWQBKWbuDNs3O/dCLugq7tn28wL4XHujk6f/ZhUbJa/lJz 4OxGSnf7Rk4kJeONdnB8cKqXdX16H03hRNxI5gSlsos= ) ; Key ID = 19803 adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20220128030339 20220121020339 11000 adf.gov. a/DeADzgc81ZyCxB3/8NDFKn9sDNB9Pp7kLo+XWEnq2hVcRK5y0Mg5jCWPdudymL0FFr7n+A47OH vI2tOHuOtJeCP8A8n30Zr/jhCht0YGzPv9kN3p/nMg4xNJcdhaYXckbivAn25PqQUyt6R3Zs2AUs M84naOKLJakFyqWDG26pQVBQCA0ZnmmNXpia3DYO+wHjRMFwg14xxDnTTUZvG/nLSCEX/HNGG/jE 1dGoMzXkf+s6MXU5vqUnlQcHWGLGR+gwG2Y8nrOg2WFyBzx1KHfwAAjwf9NFKHBdxZob/IfP3u7v l+IufL1B13yi5epn9V0GbVqlbLbNqSFjj+ibUw== ) adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20220128030339 20220121020339 57454 adf.gov. FTIzEJPr7nvWDyE8zN7wjUDnAAfbrBAqRzm1K1qCht31QKMAUG+0FlZhT7swwR647w7nVraW+re5 kF0lJRMAP+HgPGYD6UizcsauF5f8eLZRXAXGnnFeJgmpl764cN7I4R4aBAO6Dpzk/lcThV0W1iQy zy+ffPllItpJwOqlHQYAtN3mCMoOaD9RazDcdhZWpDjNg0G55a1cxlT3ee1IatjvOzSotU/h8VdH 8b9yM2pQJQGQBFR4fpfsSw3uQXJqH4oP+m/GYMq3DoMNaDWy5w2r+HdHo4a+4YBrkFsGzr0TPT8T mqI/FTZ8aQrEEGu9tl/C67S3OXO98y8LXd1UcA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 4 DNSKEY records for adf.gov
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAeSsAOIUzybxSmBM6Fu7R2JJUuQDa9I7GMeeZv72FnUVaDK5pmAhdUmrBalieaWXJbvlllvc k8q8NKQbmvvYiGUK+RU90PgB0P6z6q8GVLKU0kEXIPDz5XZ4NAAFXN3eXnQoulUgR9mSoRXOyh1s xr3aGSh4cIAhBhRdjFMhnhqLrTfxfmW7rje9aoS0NGwxig/OVgB/Vx+wqzlpn+ccR8HFIWQ4cxLd aTqlRb5BQ1ZqnxE5KM6WxYBuc/GrZDKVjI9v2Tw8s5DAT2wNswpYYpgCkyqfSSzZLVifNLvUYJqI sLDS+3cjP+aP68Ol7NzVT+ypp77S4FkuN3ARCDOWZWc= ) ; Key ID = 11000`
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAb/R73X1THWayi4fR0lokZ3maLUESaPX2XYcgWB3bXZdjiLJL7wVzudu1zuBPF1/+V8Jo5Rg Vu81N1jTe20uSVxGnJo4WAudYywOyD4flnsP9FGZx3gqJgSmOvTzjRpBKxI7Vbvvo6Z//+FTMWLH Yis0HmkERELfc4VzRU14i9+rKq4zo7tBwKJddZVXA/SQsxkUUbEsWnY65K4LPtpH6FAtJW7quF+P vD5/vlKqwkOt2fF1zMjgHD4d/eZybRcAzxZJiUCPWuZpgw1T1juCrHsDIeL/fmKzatEl6HAA1CSF wLCpWGl40dwkp79bWxJ2cJtdyUbg51KtKuHlENE/D8E= ) ; Key ID = 8349`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAZv/YF3xN+uVuzBvIRcFgnXUlZYNaTuG5GQbsKp67eopGAeoEhjh7QLd1YeOvtjk30Q4VD+0 Sg4sxfvXj6DM7JyN9G7HoXOaxPPELVpbliZQBZj1n+GuixgTiIttFZ39QMuVfqEp2HDw0BWa0t/0 bZssW0+vHW2SubEmhNfJRc4dz+SCF62fA3MhrHSy5At9mC3OS1JpbH2EwUaGF8bgQXs25Ha09LlE nFuP3m3//binncK1jmFJwSopgcO96YrRiw5Hxl14+vIKmg2apjb/3H21sdccEbrml1dq+cgkuOb1 I5GMLF9eFc1J7T/uqd6gw1dipWt+u5XZVHiCplqTPRE= ) ; Key ID = 57454`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAXJb1/vnMui8aaORbjLiWF44GbSsjECA3j1vP5sn1F+BbAXdkAxs7u6VODXpFknWDoOKqvN+ zb7PAaXdoqw8R2J+CznSuzEaZpi8AdUcKYPvd6RUB1d1TO57cxBRKCL15Mb1t3WqrO1qDa4M5Vpl oSa9FLWPGFXgUA6GG6/83Qc/Ei+RJgCvfg1LqbqDCOr+tsGIHurFywZpaWrELlRpnbcjQaAXM+W8 pefNp5w/H4LhFUxeNsGi5Mo6d2GpVKmWQBKWbuDNs3O/dCLugq7tn28wL4XHujk6f/ZhUbJa/lJz 4OxGSnf7Rk4kJeONdnB8cKqXdX16H03hRNxI5gSlsos= ) ; Key ID = 19803`
	DS=16281/SHA-1 is published, but a corresponding DNSKEY is not
	DS=51142/SHA-1 is published, but a corresponding DNSKEY is not
	DS=56043/SHA-256 is published, but a corresponding DNSKEY is not
	None of the 4 DNSKEY records could be validated by any of the 5 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20220128030339 20220121020339 11000 adf.gov. a/DeADzgc81ZyCxB3/8NDFKn9sDNB9Pp7kLo+XWEnq2hVcRK5y0Mg5jCWPdudymL0FFr7n+A47OH vI2tOHuOtJeCP8A8n30Zr/jhCht0YGzPv9kN3p/nMg4xNJcdhaYXckbivAn25PqQUyt6R3Zs2AUs M84naOKLJakFyqWDG26pQVBQCA0ZnmmNXpia3DYO+wHjRMFwg14xxDnTTUZvG/nLSCEX/HNGG/jE 1dGoMzXkf+s6MXU5vqUnlQcHWGLGR+gwG2Y8nrOg2WFyBzx1KHfwAAjwf9NFKHBdxZob/IfP3u7v l+IufL1B13yi5epn9V0GbVqlbLbNqSFjj+ibUw== )`
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20220128030339 20220121020339 57454 adf.gov. FTIzEJPr7nvWDyE8zN7wjUDnAAfbrBAqRzm1K1qCht31QKMAUG+0FlZhT7swwR647w7nVraW+re5 kF0lJRMAP+HgPGYD6UizcsauF5f8eLZRXAXGnnFeJgmpl764cN7I4R4aBAO6Dpzk/lcThV0W1iQy zy+ffPllItpJwOqlHQYAtN3mCMoOaD9RazDcdhZWpDjNg0G55a1cxlT3ee1IatjvOzSotU/h8VdH 8b9yM2pQJQGQBFR4fpfsSw3uQXJqH4oP+m/GYMq3DoMNaDWy5w2r+HdHo4a+4YBrkFsGzr0TPT8T mqI/FTZ8aQrEEGu9tl/C67S3OXO98y8LXd1UcA== )`
	RRSIG=11000 and DNSKEY=11000 verifies the DNSKEY RRset
	RRSIG=57454 and DNSKEY=57454/SEP verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (347 octets) ;; HEADER SECTION ;; id = 4997 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20220128030339 20220121020339 11000 adf.gov. H3/8eNQCUpIDML0WFURNcQE2TPaMNHprsEGGQ3JXFIZLVz9QTwa+T+n66SDG6Lc4sS6o7XZ0zXql L3Q0zCIxorj7WlfU932xj9IYxVxdmkGZOvyb4DLrAukbNg1AKxcxGx117X5/mEP5boqBSYRQX1pM hBHF0Dv9DqhgsiAVkxGWNJSHp24NQSHo9DsLDg+CPT1BsHZkmhkoaxtwitAm7WqbYO4kos1cmDib rZ/paeaLWuqpdWnxSfdWdw7teF9eiYB9/PeY2AijNh6Ev/s5AtfCjqIsK4bI++fNt8hVIfegMSB1 cy/Gk1d9OMdlioVH9yU1Eum0RwJJ7ZgFjEDf8g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	auth111.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth120.ns.uu.net for adf.gov/SOA
	Received 395 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (395 octets) ;; HEADER SECTION ;; id = 45923 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN SOA ;; ANSWER SECTION (2 records) adf.gov. 3600 IN SOA ( auth111.ns.uu.net. hostmaster.uu.net. 10347 ;serial 1800 ;refresh 600 ;retry 1728000 ;expire 3600 ;minimum ) adf.gov. 3600 IN RRSIG ( SOA 7 2 3600 20220128030339 20220121020339 11000 adf.gov. OM0IFiBXUflPwIGdk92mPb86beZmpGZV/h7F/gcqvKfoF3RzaFTUXIGs/uTMS5rSk+GVK2tcgqL8 7Fe4jbdCLyxgdwN6t34ippWGXOLohMoFZztOspo3Sw6FbdwTu3P96PTetsQM6htNgnc+FyOdaAVl QoNuONW1cUQDliymrATkaHS6CrZhD18CJxA3grYQWZrPoHUs2dysRM4lCxiEFAxWOByV+Ei/RVWb KZ4Ae6KPLQIKbTKs/vGV69OY3saJ3k4mxu5pFjdRpYtnOrXnjPYZOajffftC1pUkWtDM+JJq5FJj St6Rir59O2nVDOmD768910PU4zl1i91POoov3g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (347 octets) ;; HEADER SECTION ;; id = 12004 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20220128030339 20220121020339 11000 adf.gov. H3/8eNQCUpIDML0WFURNcQE2TPaMNHprsEGGQ3JXFIZLVz9QTwa+T+n66SDG6Lc4sS6o7XZ0zXql L3Q0zCIxorj7WlfU932xj9IYxVxdmkGZOvyb4DLrAukbNg1AKxcxGx117X5/mEP5boqBSYRQX1pM hBHF0Dv9DqhgsiAVkxGWNJSHp24NQSHo9DsLDg+CPT1BsHZkmhkoaxtwitAm7WqbYO4kos1cmDib rZ/paeaLWuqpdWnxSfdWdw7teF9eiYB9/PeY2AijNh6Ev/s5AtfCjqIsK4bI++fNt8hVIfegMSB1 cy/Gk1d9OMdlioVH9yU1Eum0RwJJ7ZgFjEDf8g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20220128030339 20220121020339 11000 adf.gov. H3/8eNQCUpIDML0WFURNcQE2TPaMNHprsEGGQ3JXFIZLVz9QTwa+T+n66SDG6Lc4sS6o7XZ0zXql L3Q0zCIxorj7WlfU932xj9IYxVxdmkGZOvyb4DLrAukbNg1AKxcxGx117X5/mEP5boqBSYRQX1pM hBHF0Dv9DqhgsiAVkxGWNJSHp24NQSHo9DsLDg+CPT1BsHZkmhkoaxtwitAm7WqbYO4kos1cmDib rZ/paeaLWuqpdWnxSfdWdw7teF9eiYB9/PeY2AijNh6Ev/s5AtfCjqIsK4bI++fNt8hVIfegMSB1 cy/Gk1d9OMdlioVH9yU1Eum0RwJJ7ZgFjEDf8g== )`
	RRSIG=11000 and DNSKEY=11000 verifies the A RRset

adf.gov

	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (347 octets) ;; HEADER SECTION ;; id = 37947 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20220128030339 20220121020339 11000 adf.gov. H3/8eNQCUpIDML0WFURNcQE2TPaMNHprsEGGQ3JXFIZLVz9QTwa+T+n66SDG6Lc4sS6o7XZ0zXql L3Q0zCIxorj7WlfU932xj9IYxVxdmkGZOvyb4DLrAukbNg1AKxcxGx117X5/mEP5boqBSYRQX1pM hBHF0Dv9DqhgsiAVkxGWNJSHp24NQSHo9DsLDg+CPT1BsHZkmhkoaxtwitAm7WqbYO4kos1cmDib rZ/paeaLWuqpdWnxSfdWdw7teF9eiYB9/PeY2AijNh6Ev/s5AtfCjqIsK4bI++fNt8hVIfegMSB1 cy/Gk1d9OMdlioVH9yU1Eum0RwJJ7ZgFjEDf8g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	auth120.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (347 octets) ;; HEADER SECTION ;; id = 9181 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20220128030339 20220121020339 11000 adf.gov. H3/8eNQCUpIDML0WFURNcQE2TPaMNHprsEGGQ3JXFIZLVz9QTwa+T+n66SDG6Lc4sS6o7XZ0zXql L3Q0zCIxorj7WlfU932xj9IYxVxdmkGZOvyb4DLrAukbNg1AKxcxGx117X5/mEP5boqBSYRQX1pM hBHF0Dv9DqhgsiAVkxGWNJSHp24NQSHo9DsLDg+CPT1BsHZkmhkoaxtwitAm7WqbYO4kos1cmDib rZ/paeaLWuqpdWnxSfdWdw7teF9eiYB9/PeY2AijNh6Ev/s5AtfCjqIsK4bI++fNt8hVIfegMSB1 cy/Gk1d9OMdlioVH9yU1Eum0RwJJ7ZgFjEDf8g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20220128030339 20220121020339 11000 adf.gov. H3/8eNQCUpIDML0WFURNcQE2TPaMNHprsEGGQ3JXFIZLVz9QTwa+T+n66SDG6Lc4sS6o7XZ0zXql L3Q0zCIxorj7WlfU932xj9IYxVxdmkGZOvyb4DLrAukbNg1AKxcxGx117X5/mEP5boqBSYRQX1pM hBHF0Dv9DqhgsiAVkxGWNJSHp24NQSHo9DsLDg+CPT1BsHZkmhkoaxtwitAm7WqbYO4kos1cmDib rZ/paeaLWuqpdWnxSfdWdw7teF9eiYB9/PeY2AijNh6Ev/s5AtfCjqIsK4bI++fNt8hVIfegMSB1 cy/Gk1d9OMdlioVH9yU1Eum0RwJJ7ZgFjEDf8g== )`
	RRSIG=11000 and DNSKEY=11000 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test adf.gov at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: