DNSSEC Analyzer

Domain Name:

Time: 2022-11-28 19:16:36 UTC, NTP stratum 16

Analyzing DNSSEC problems for adf.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to d.root-servers.net for ./DNSKEY
	Received 864 bytes from 199.7.91.13
	;; Response received from 199.7.91.13 (864 octets) ;; HEADER SECTION ;; id = 13895 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAeB54o2xvW6vY4qQZ0krDsEZCe6MsRWCqsXd4+cNJZMePnlV/xwDrIbbeH1SJzv742rOHzgA KM1/3SQHHSkoEIPx8XQdHAZBxfhaXl3e8c5WrE3aGXS5AeTWAkt85ccqWgKyitxjFmJEOol0BqS2 xueltaDwgWcC10nPUY+y5l/kTOYyptYQS4gg1uJNXIob/R1XIEJ10ZCurkYqZxgqyHc7tZv09N23 o9rnGdjnYiArH7FjlXD8Rvjde8YWkmfdbCEWnchrnxDK8KV2/ZvBpG/WYnRKXYPUceGCw59OJdJ5 M7utkm547RB3eEd8CVVhbXopZlsKq3GCrBwaIVe9ci0= ) ; Key ID = 18733 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20221211000000 20221120000000 20326 . Y8Or1olHbjYMKfZxcKA8mP9+GWhl66Cu6Mrjh9NzLuBZ+14JZodwSJ5JaXzJxRzgHxTd/TWvnI4b AM/DQ8NYyRX/QezQdGU4ZE5RcrZLanxuX/FQR/qIMlLttCsoPtlM677HA3CecqLljbrcayIDSKMg hh5iKV1iOoW1BP1KZwgH4Y87fiWbevk+AmN5xbJCPk1iCis+kMulacxTFC+g0jyLv1V0C2hneqZ5 8os/QvW7XNBWLd9OC1LbMVVkfgUsVYqfwLjcieQ5YVRshfy2Iazv2sLo87sGvBnLmSUx8F4hiotE K6UjTNNun1tKe0VTBVkXQyaIzfUOkPgoMoWojg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1450 ;; option:
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAeB54o2xvW6vY4qQZ0krDsEZCe6MsRWCqsXd4+cNJZMePnlV/xwDrIbbeH1SJzv742rOHzgA KM1/3SQHHSkoEIPx8XQdHAZBxfhaXl3e8c5WrE3aGXS5AeTWAkt85ccqWgKyitxjFmJEOol0BqS2 xueltaDwgWcC10nPUY+y5l/kTOYyptYQS4gg1uJNXIob/R1XIEJ10ZCurkYqZxgqyHc7tZv09N23 o9rnGdjnYiArH7FjlXD8Rvjde8YWkmfdbCEWnchrnxDK8KV2/ZvBpG/WYnRKXYPUceGCw59OJdJ5 M7utkm547RB3eEd8CVVhbXopZlsKq3GCrBwaIVe9ci0= ) ; Key ID = 18733`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20221211000000 20221120000000 20326 . Y8Or1olHbjYMKfZxcKA8mP9+GWhl66Cu6Mrjh9NzLuBZ+14JZodwSJ5JaXzJxRzgHxTd/TWvnI4b AM/DQ8NYyRX/QezQdGU4ZE5RcrZLanxuX/FQR/qIMlLttCsoPtlM677HA3CecqLljbrcayIDSKMg hh5iKV1iOoW1BP1KZwgH4Y87fiWbevk+AmN5xbJCPk1iCis+kMulacxTFC+g0jyLv1V0C2hneqZ5 8os/QvW7XNBWLd9OC1LbMVVkfgUsVYqfwLjcieQ5YVRshfy2Iazv2sLo87sGvBnLmSUx8F4hiotE K6UjTNNun1tKe0VTBVkXQyaIzfUOkPgoMoWojg== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=18733 is now in the chain-of-trust
	Query to g.root-servers.net for adf.gov/A
	Received 626 bytes from 192.112.36.4
	;; Response received from 192.112.36.4 (626 octets) ;; HEADER SECTION ;; id = 43204 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20221211170000 20221128160000 18733 . IKV+yYkguo8XVZD1TDliQX5qOkNDvzyDAUFQKYK1XjRM1HEEI/2SN4ab4ATDq+rmUso0vA6p5r7P O74Q1CyvTtajLoa3GGmq/uIW3e2yLlX875KUTlbTCFxHtWTOM03pF/alga8aiZM7V08WtD3c8b/j 9RtW40lYfRtbldaTdzrce9wY8GQumJmpO1knnmJLRZtHn1OvMwnWm6bQ4oyCgdRGwespvQx+6Lvq TPdSOd/TNjoDrw4lAxCFv7TUmXHSIoYMIvIWA+TRX3utgN6ZSgNm2UiJm1VtOSSVBWSzK23WakyL ucVs/ref0/OCCJf87jzelHE/QLjSgc7Y1ZrKfA== ) ;; ADDITIONAL SECTION (9 records) d.gov-servers.net. 172800 IN A 81.19.194.30 c.gov-servers.net. 172800 IN A 69.36.153.30 b.gov-servers.net. 172800 IN A 209.112.123.30 a.gov-servers.net. 172800 IN A 69.36.157.30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Query to c.root-servers.net for gov/DNSKEY
	Received 622 bytes from 192.33.4.12
	;; Response received from 192.33.4.12 (622 octets) ;; HEADER SECTION ;; id = 46877 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20221211170000 20221128160000 18733 . IKV+yYkguo8XVZD1TDliQX5qOkNDvzyDAUFQKYK1XjRM1HEEI/2SN4ab4ATDq+rmUso0vA6p5r7P O74Q1CyvTtajLoa3GGmq/uIW3e2yLlX875KUTlbTCFxHtWTOM03pF/alga8aiZM7V08WtD3c8b/j 9RtW40lYfRtbldaTdzrce9wY8GQumJmpO1knnmJLRZtHn1OvMwnWm6bQ4oyCgdRGwespvQx+6Lvq TPdSOd/TNjoDrw4lAxCFv7TUmXHSIoYMIvIWA+TRX3utgN6ZSgNm2UiJm1VtOSSVBWSzK23WakyL ucVs/ref0/OCCJf87jzelHE/QLjSgc7Y1ZrKfA== ) ;; ADDITIONAL SECTION (9 records) d.gov-servers.net. 172800 IN A 81.19.194.30 c.gov-servers.net. 172800 IN A 69.36.153.30 b.gov-servers.net. 172800 IN A 209.112.123.30 a.gov-servers.net. 172800 IN A 69.36.157.30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found child zone gov

gov

	Checking DS between . and gov
	Query to f.root-servers.net for gov/DS
	Received 367 bytes from 192.5.5.241
	;; Response received from 192.5.5.241 (367 octets) ;; HEADER SECTION ;; id = 8565 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20221211170000 20221128160000 18733 . IKV+yYkguo8XVZD1TDliQX5qOkNDvzyDAUFQKYK1XjRM1HEEI/2SN4ab4ATDq+rmUso0vA6p5r7P O74Q1CyvTtajLoa3GGmq/uIW3e2yLlX875KUTlbTCFxHtWTOM03pF/alga8aiZM7V08WtD3c8b/j 9RtW40lYfRtbldaTdzrce9wY8GQumJmpO1knnmJLRZtHn1OvMwnWm6bQ4oyCgdRGwespvQx+6Lvq TPdSOd/TNjoDrw4lAxCFv7TUmXHSIoYMIvIWA+TRX3utgN6ZSgNm2UiJm1VtOSSVBWSzK23WakyL ucVs/ref0/OCCJf87jzelHE/QLjSgc7Y1ZrKfA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Found 1 DS records for gov in the . zone
	DS=7698/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20221211170000 20221128160000 18733 . IKV+yYkguo8XVZD1TDliQX5qOkNDvzyDAUFQKYK1XjRM1HEEI/2SN4ab4ATDq+rmUso0vA6p5r7P O74Q1CyvTtajLoa3GGmq/uIW3e2yLlX875KUTlbTCFxHtWTOM03pF/alga8aiZM7V08WtD3c8b/j 9RtW40lYfRtbldaTdzrce9wY8GQumJmpO1knnmJLRZtHn1OvMwnWm6bQ4oyCgdRGwespvQx+6Lvq TPdSOd/TNjoDrw4lAxCFv7TUmXHSIoYMIvIWA+TRX3utgN6ZSgNm2UiJm1VtOSSVBWSzK23WakyL ucVs/ref0/OCCJf87jzelHE/QLjSgc7Y1ZrKfA== )`
	RRSIG=18733 and DNSKEY=18733 verifies the DS RRset
	DS=7698/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 )`
	Query to c.gov-servers.net for gov/DNSKEY
	Received 777 bytes from 69.36.153.30
	;; Response received from 69.36.153.30 (777 octets) ;; HEADER SECTION ;; id = 32627 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698 gov. 86400 IN DNSKEY ( 256 3 8 AwEAAdTUAXnPaU/j+tBXBKqj7wf6CTR5erm5HMRumZ8tyIXi4rmbOdvpGcGLEu3YjqwkGoht1S4B a555IpEt+oUsjN57HbQ6eAMxBCX50EC1ipBmnnznhgoflu+DE+4No9wXHHh9pa6Vn8N7QiG1zZ4e kc9rS0to56mkLfNzJ+gjzH3tOfB9W5qnEqkqRuqXHnXxQQLBQ1I6vh1VZ5uQKYIe2H0= ) ; Key ID = 56278 gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20221205200254 20221120195754 7698 gov. FZUGnVFsKhKrSxuAbI6JdAQxCbzoP6JvsFLwKXwCMHIoBB2la/7+jwQ3DWB1LuJVqt/6SlSzTZbz mcq4Irnwjmwg+EQECsqhA7KIybCpPSiq/XsXPxvHrXes7+sVKa0UJ2wNq3yiKKzkAAlBOJfkEu5o 6jVpHpQ1NQG28rY1X4Ati7PE6ny3m3LkkrYEflE2YfXXOge+bCFjUBCBCX3YFTkJvrBuWUdfdyan 0FuN+tjFDUOzwz0t3RsiYrSfy8/Ozv8lzSI1Mip6f271uHgjpi51in8shWZibER4MxShpHa0zEQo kMiGRx3cxnAble1onSgEDfnovYe7Z7hm3ReLUQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for gov
	`gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698`
	`gov. 86400 IN DNSKEY ( 256 3 8 AwEAAdTUAXnPaU/j+tBXBKqj7wf6CTR5erm5HMRumZ8tyIXi4rmbOdvpGcGLEu3YjqwkGoht1S4B a555IpEt+oUsjN57HbQ6eAMxBCX50EC1ipBmnnznhgoflu+DE+4No9wXHHh9pa6Vn8N7QiG1zZ4e kc9rS0to56mkLfNzJ+gjzH3tOfB9W5qnEqkqRuqXHnXxQQLBQ1I6vh1VZ5uQKYIe2H0= ) ; Key ID = 56278`
	DNSKEY=7698/SEP is now in the chain-of-trust
	DS=7698/SHA-256 verifies DNSKEY=7698/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20221205200254 20221120195754 7698 gov. FZUGnVFsKhKrSxuAbI6JdAQxCbzoP6JvsFLwKXwCMHIoBB2la/7+jwQ3DWB1LuJVqt/6SlSzTZbz mcq4Irnwjmwg+EQECsqhA7KIybCpPSiq/XsXPxvHrXes7+sVKa0UJ2wNq3yiKKzkAAlBOJfkEu5o 6jVpHpQ1NQG28rY1X4Ati7PE6ny3m3LkkrYEflE2YfXXOge+bCFjUBCBCX3YFTkJvrBuWUdfdyan 0FuN+tjFDUOzwz0t3RsiYrSfy8/Ozv8lzSI1Mip6f271uHgjpi51in8shWZibER4MxShpHa0zEQo kMiGRx3cxnAble1onSgEDfnovYe7Z7hm3ReLUQ== )`
	RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
	DNSKEY=56278 is now in the chain-of-trust
	Query to c.gov-servers.net for adf.gov/A
	Received 500 bytes from 69.36.153.30
	;; Response received from 69.36.153.30 (500 octets) ;; HEADER SECTION ;; id = 63543 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 86400 IN NS auth120.ns.uu.net. adf.gov. 86400 IN NS auth111.ns.uu.net. adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20221202194200 20221125194200 56278 gov. QiZf8998gJwlCYpHgdBBMVbOHVmupM9/sKGaSucXJ2y25Dpah6TKhb4FGisHhiL0Ckpqr+v52bSS xQXfmUe+S8fYVMqb4bklRi3H5z4nnNZgeQOqQueC5jyOrpt64LjHBRg/lazuSXf7AXZMFWM6AZzD cfZ2pztO2LiMgG6S/7uamGE8m6JcaTT6d63BJoVh5MNc7+ggwwchdjGX/OnpDQ== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to d.gov-servers.net for adf.gov/DNSKEY
	Received 500 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (500 octets) ;; HEADER SECTION ;; id = 46329 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 86400 IN NS auth120.ns.uu.net. adf.gov. 86400 IN NS auth111.ns.uu.net. adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20221202194200 20221125194200 56278 gov. QiZf8998gJwlCYpHgdBBMVbOHVmupM9/sKGaSucXJ2y25Dpah6TKhb4FGisHhiL0Ckpqr+v52bSS xQXfmUe+S8fYVMqb4bklRi3H5z4nnNZgeQOqQueC5jyOrpt64LjHBRg/lazuSXf7AXZMFWM6AZzD cfZ2pztO2LiMgG6S/7uamGE8m6JcaTT6d63BJoVh5MNc7+ggwwchdjGX/OnpDQ== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone adf.gov

adf.gov

	Checking DS between gov and adf.gov
	Query to a.gov-servers.net for adf.gov/DS
	Received 447 bytes from 69.36.157.30
	;; Response received from 69.36.157.30 (447 octets) ;; HEADER SECTION ;; id = 28788 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DS ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20221202194200 20221125194200 56278 gov. QiZf8998gJwlCYpHgdBBMVbOHVmupM9/sKGaSucXJ2y25Dpah6TKhb4FGisHhiL0Ckpqr+v52bSS xQXfmUe+S8fYVMqb4bklRi3H5z4nnNZgeQOqQueC5jyOrpt64LjHBRg/lazuSXf7AXZMFWM6AZzD cfZ2pztO2LiMgG6S/7uamGE8m6JcaTT6d63BJoVh5MNc7+ggwwchdjGX/OnpDQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 5 DS records for adf.gov in the gov zone
	DS=51142/SHA-256 has algorithm RSASHA1
	DS=16281/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=56043/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=16281/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
	DS=51142/SHA-1 has algorithm RSASHA1
	Found 1 RRSIGs over DS RRset
	`adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20221202194200 20221125194200 56278 gov. QiZf8998gJwlCYpHgdBBMVbOHVmupM9/sKGaSucXJ2y25Dpah6TKhb4FGisHhiL0Ckpqr+v52bSS xQXfmUe+S8fYVMqb4bklRi3H5z4nnNZgeQOqQueC5jyOrpt64LjHBRg/lazuSXf7AXZMFWM6AZzD cfZ2pztO2LiMgG6S/7uamGE8m6JcaTT6d63BJoVh5MNc7+ggwwchdjGX/OnpDQ== )`
	RRSIG=56278 and DNSKEY=56278 verifies the DS RRset
	DS=51142/SHA-256 is now in the chain-of-trust
	DS=16281/SHA-256 is now in the chain-of-trust
	DS=56043/SHA-256 is now in the chain-of-trust
	`adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc )`
	`adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf )`
	`adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba )`
	`adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77`
	`adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a`
	Query to auth111.ns.uu.net for adf.gov/DNSKEY
	Received 1730 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (1730 octets) ;; HEADER SECTION ;; id = 40384 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAc6kwsUMEyeFZW/lISfbXUxze4cZN0tmoJdf+VP1A822+kOC4Gu2CngL4USH2iNHhpN/tMov g03mD+PIaFrhOR0AmgmN31TKVM4II4zgcTjJAPidB2X+eVXjmcEm4viuAOVbioNdLRppC4RaBBGz 0SJ6DnQrp6DLzU/pMSdmxaxrg3j4hS52DrgztganqZDAz2fShyWsNLjck0IxiwKmjEJl1Q6fHJHY y7aoggkK+S8KJAqNcBsv/0ohBBoB8paf2194K6MVSIe+tlE+m+FCyuUlke6gEK0AeX6GDzLFNpOq IYZunBhINA+9M55S4/x1Ls8K3cHl+PPXsnlWCGxI9Fs= ) ; Key ID = 34874 adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAagAbgdH7CCmOBTA1FSWHyMU0I0sHrhL9IywEv64u2WmEYVPuOLxMk9eSGGUp+aTwSGTtGzm ky+ciU9lziGRi7ov5+yG8Ex33mUUfMFrP/Qz6mZrt9uHoOID9e0sEKGf+9al4LPCTeYb5CX+eZGk GG0+TGIhL9NnwzslXUPCLRAuv2b0EZpXF/wQJQJAuKVQasSH9IGlPQ8fiplbCm/7cscTRKVNUpTq zRh+ycWOVAbtNAC9qM/oAT3E4vGBWNNUc27+zI13W7GOfXA/O2a7oruR/QZFBcAI2hrrEQOfJQl6 HfkAYl97hXB5CvRgvb1/k2dsuzm5nOIDwiCFbqH4vHk= ) ; Key ID = 33878 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAalDA/rMYkXuAN8+R+f96Js4D23A5O9rh4maNjBoyqmr81eJd4rqUPxaxYvaHiGYK+KfQiLl UkIZ4tUJ95YMzlMA8Arf3GQ7krFIhgnKe8sBfAyafV0lk+XhgBqYi7wCEVmHcxbaExWCioHvskds inWqtKspGRdTeXNUHHFs6w3PWzOMRhpo4oVCAZMbxrnJJ512l2zUwpSOef1y0Sih/lD9IycZGZpu U5YrOeR3VUg46ekiJKbgDdUGwB7gdQoFYNRseSEsK2erqzAMb1sOPC69/9+nGRyjynZG5dROOgQ/ qCCZ9gxZOGHGXuE0aJNYPMJN6Dr4e4wVJ5gyotxn5gE= ) ; Key ID = 38259 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAXbEo8/1umRDE3hxS7MEKTKoA76CY92WouBbLBoI23rrxzpF5MqNkx24r4a/mwmugAuasJqz CXCWsOChjzaVoPD8OeqmOxKTxz794grUhDTR1huOf2vQvjDOVbPJRMtclkbfhNkFt6lmIGEdmeGR csxI+rNxSFC/ehk66jquglaWEtWLoqO1aOOKWr7AMf1QZ+18N2eZqZ9ZmA5a0k60XZBajkusuGW0 opznc5YOhQJ/+qdm920rwUokW+oDZmsEwfwzDyqKcagvuHbmbeNuTBh9hNeRnDO+44b/tfwYaw2W NGyG0MfB9L4bFxjjBBzXwV8QjLH83RAVOp/JeLRegjs= ) ; Key ID = 1066 adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20221205030338 20221128020338 1066 adf.gov. A9YaQ1wHrPKyUSYNnkGH1ewMff+DcdC5HL9LG/gPj4PT8XtyuVDlkC16ISUQ1kyCPoGE5ddL4qpG XJ5oU9ygj5sH9n98O6EUJGBilPb4RCquaFGzCfdw2FBRdF8H76PeSGkIaS1UBrD+D4gkviBDOIC9 fPX/1OkqVIPcTa2aMC1tnRu8z9gY/2CQNvLBalEbp6c8YQV1HVNRrS3tADDOKiOVbvX4XVrrlH0Z HfdWRm7EMw+QXQpTq4hsUeyU0/nNLfR9RAjn07PelDs62kj+JBk4qAl65t/6EmPADCXhSH+B0+mH fp669GUiHUvbqqluhjXqGx2yJRrp+MJFqBdBZA== ) adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20221205030338 20221128020338 33878 adf.gov. Jdvul0Lb3OHbGBeO766v45n/iB+wWpKxnTtXLGfTrl6KSWsqwKLfZDJ6NxTXyNKznPuMzHZ379gF msBiCfXeGj8G6kVN4VIPRrOUKh7FWNf7z6vTqMVlvOId2QSY+1wQrijHCLJ1ux+KulxZoC8JnPmd 57EBJ7mqP12Xhoy1KAlM82q1MvO046d72DS4VxspM5UjgSsbwPpynecSHSIdcER2nDJDV4plByJV e40jcJ/IEOywJ+TK6IDyiSVRBVhxXBibmQs1pJNG5oKFw2o5Fl4Ju2liPUhIEsazog25UOsnojaB loojJdMEkSKEu6spRfCBVsux32D2kyX5MdbtRA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 4 DNSKEY records for adf.gov
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAc6kwsUMEyeFZW/lISfbXUxze4cZN0tmoJdf+VP1A822+kOC4Gu2CngL4USH2iNHhpN/tMov g03mD+PIaFrhOR0AmgmN31TKVM4II4zgcTjJAPidB2X+eVXjmcEm4viuAOVbioNdLRppC4RaBBGz 0SJ6DnQrp6DLzU/pMSdmxaxrg3j4hS52DrgztganqZDAz2fShyWsNLjck0IxiwKmjEJl1Q6fHJHY y7aoggkK+S8KJAqNcBsv/0ohBBoB8paf2194K6MVSIe+tlE+m+FCyuUlke6gEK0AeX6GDzLFNpOq IYZunBhINA+9M55S4/x1Ls8K3cHl+PPXsnlWCGxI9Fs= ) ; Key ID = 34874`
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAagAbgdH7CCmOBTA1FSWHyMU0I0sHrhL9IywEv64u2WmEYVPuOLxMk9eSGGUp+aTwSGTtGzm ky+ciU9lziGRi7ov5+yG8Ex33mUUfMFrP/Qz6mZrt9uHoOID9e0sEKGf+9al4LPCTeYb5CX+eZGk GG0+TGIhL9NnwzslXUPCLRAuv2b0EZpXF/wQJQJAuKVQasSH9IGlPQ8fiplbCm/7cscTRKVNUpTq zRh+ycWOVAbtNAC9qM/oAT3E4vGBWNNUc27+zI13W7GOfXA/O2a7oruR/QZFBcAI2hrrEQOfJQl6 HfkAYl97hXB5CvRgvb1/k2dsuzm5nOIDwiCFbqH4vHk= ) ; Key ID = 33878`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAalDA/rMYkXuAN8+R+f96Js4D23A5O9rh4maNjBoyqmr81eJd4rqUPxaxYvaHiGYK+KfQiLl UkIZ4tUJ95YMzlMA8Arf3GQ7krFIhgnKe8sBfAyafV0lk+XhgBqYi7wCEVmHcxbaExWCioHvskds inWqtKspGRdTeXNUHHFs6w3PWzOMRhpo4oVCAZMbxrnJJ512l2zUwpSOef1y0Sih/lD9IycZGZpu U5YrOeR3VUg46ekiJKbgDdUGwB7gdQoFYNRseSEsK2erqzAMb1sOPC69/9+nGRyjynZG5dROOgQ/ qCCZ9gxZOGHGXuE0aJNYPMJN6Dr4e4wVJ5gyotxn5gE= ) ; Key ID = 38259`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAXbEo8/1umRDE3hxS7MEKTKoA76CY92WouBbLBoI23rrxzpF5MqNkx24r4a/mwmugAuasJqz CXCWsOChjzaVoPD8OeqmOxKTxz794grUhDTR1huOf2vQvjDOVbPJRMtclkbfhNkFt6lmIGEdmeGR csxI+rNxSFC/ehk66jquglaWEtWLoqO1aOOKWr7AMf1QZ+18N2eZqZ9ZmA5a0k60XZBajkusuGW0 opznc5YOhQJ/+qdm920rwUokW+oDZmsEwfwzDyqKcagvuHbmbeNuTBh9hNeRnDO+44b/tfwYaw2W NGyG0MfB9L4bFxjjBBzXwV8QjLH83RAVOp/JeLRegjs= ) ; Key ID = 1066`
	DS=51142/SHA-256 is published, but a corresponding DNSKEY is not
	DS=16281/SHA-256 is published, but a corresponding DNSKEY is not
	DS=56043/SHA-256 is published, but a corresponding DNSKEY is not
	None of the 4 DNSKEY records could be validated by any of the 5 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20221205030338 20221128020338 1066 adf.gov. A9YaQ1wHrPKyUSYNnkGH1ewMff+DcdC5HL9LG/gPj4PT8XtyuVDlkC16ISUQ1kyCPoGE5ddL4qpG XJ5oU9ygj5sH9n98O6EUJGBilPb4RCquaFGzCfdw2FBRdF8H76PeSGkIaS1UBrD+D4gkviBDOIC9 fPX/1OkqVIPcTa2aMC1tnRu8z9gY/2CQNvLBalEbp6c8YQV1HVNRrS3tADDOKiOVbvX4XVrrlH0Z HfdWRm7EMw+QXQpTq4hsUeyU0/nNLfR9RAjn07PelDs62kj+JBk4qAl65t/6EmPADCXhSH+B0+mH fp669GUiHUvbqqluhjXqGx2yJRrp+MJFqBdBZA== )`
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20221205030338 20221128020338 33878 adf.gov. Jdvul0Lb3OHbGBeO766v45n/iB+wWpKxnTtXLGfTrl6KSWsqwKLfZDJ6NxTXyNKznPuMzHZ379gF msBiCfXeGj8G6kVN4VIPRrOUKh7FWNf7z6vTqMVlvOId2QSY+1wQrijHCLJ1ux+KulxZoC8JnPmd 57EBJ7mqP12Xhoy1KAlM82q1MvO046d72DS4VxspM5UjgSsbwPpynecSHSIdcER2nDJDV4plByJV e40jcJ/IEOywJ+TK6IDyiSVRBVhxXBibmQs1pJNG5oKFw2o5Fl4Ju2liPUhIEsazog25UOsnojaB loojJdMEkSKEu6spRfCBVsux32D2kyX5MdbtRA== )`
	RRSIG=1066 and DNSKEY=1066/SEP verifies the DNSKEY RRset
	RRSIG=33878 and DNSKEY=33878 verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (347 octets) ;; HEADER SECTION ;; id = 21808 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20221205030338 20221128020338 33878 adf.gov. DKFztP/ygoZuwgDtbyk0Z63eof9qw2TVG9nbZNnFP+Mmxnd1lD3O0gMO5EKYRh0J1Ey+7uVV7qS2 Me++XZi2ZykmJQKKTySikuNUrzrR5LlBDQdSxQuZYVkNoSVaCml+MJbCA12fIUX7xKQc/nA7OW4c CU4nfNJjqr7Wsjgu7BBpMl/KXGbrePOd5tydsir0gaZ7z1gl5JXZELTaRNz2TWQD38fb5A56vvx+ dJljF82ZmanIvYATliYd84UtwWPidZwgiPtUsMFwn0cboBrvA5hFlUhjB7686Ch8LziJwb64MdXT cQ0Qf9E51aVKRHY9AjpfL2dOvYAFccgctokdnw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	auth120.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth111.ns.uu.net for adf.gov/SOA
	Received 401 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (401 octets) ;; HEADER SECTION ;; id = 2764 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN SOA ;; ANSWER SECTION (2 records) adf.gov. 3600 IN SOA ( auth111.ns.uu.net. hostmaster.uu.net. 10971 ;serial 1800 ;refresh 600 ;retry 1728000 ;expire 3600 ;minimum ) adf.gov. 3600 IN RRSIG ( SOA 7 2 3600 20221205030338 20221128020338 33878 adf.gov. mTrIy3v+qmbgfhDG2VEneyVk/jF2llR10Ardg1m9EpJv/uu6BZkvkC1+9cKEofKbUYBGxCgDoazN jGDuxucd4gQSWBFWcxNwXUCunINvPQZBtsrNAoWUtjc3sIJKUdo1Fp1Y+qSDe+zb9kx52DB4Rts/ CM5GeiIwGzdY7XRa7KunsmfedRDWladc43Y/q5J7NyZbntW8PhrGoOnQVKdZrcUr41MU4Ebh2vt+ 8RS311rH/+yw7BaO0v+gCFmD5AM0ZihZn3JaRrkTz85VJ+9UHFSZ4koKVs4NELPV6jDy+VK88lt+ utJsBhnhaKsUIMZtxB+eCuZP/XRXmZbqKkFuRg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (347 octets) ;; HEADER SECTION ;; id = 12917 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20221205030338 20221128020338 33878 adf.gov. DKFztP/ygoZuwgDtbyk0Z63eof9qw2TVG9nbZNnFP+Mmxnd1lD3O0gMO5EKYRh0J1Ey+7uVV7qS2 Me++XZi2ZykmJQKKTySikuNUrzrR5LlBDQdSxQuZYVkNoSVaCml+MJbCA12fIUX7xKQc/nA7OW4c CU4nfNJjqr7Wsjgu7BBpMl/KXGbrePOd5tydsir0gaZ7z1gl5JXZELTaRNz2TWQD38fb5A56vvx+ dJljF82ZmanIvYATliYd84UtwWPidZwgiPtUsMFwn0cboBrvA5hFlUhjB7686Ch8LziJwb64MdXT cQ0Qf9E51aVKRHY9AjpfL2dOvYAFccgctokdnw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20221205030338 20221128020338 33878 adf.gov. DKFztP/ygoZuwgDtbyk0Z63eof9qw2TVG9nbZNnFP+Mmxnd1lD3O0gMO5EKYRh0J1Ey+7uVV7qS2 Me++XZi2ZykmJQKKTySikuNUrzrR5LlBDQdSxQuZYVkNoSVaCml+MJbCA12fIUX7xKQc/nA7OW4c CU4nfNJjqr7Wsjgu7BBpMl/KXGbrePOd5tydsir0gaZ7z1gl5JXZELTaRNz2TWQD38fb5A56vvx+ dJljF82ZmanIvYATliYd84UtwWPidZwgiPtUsMFwn0cboBrvA5hFlUhjB7686Ch8LziJwb64MdXT cQ0Qf9E51aVKRHY9AjpfL2dOvYAFccgctokdnw== )`
	RRSIG=33878 and DNSKEY=33878 verifies the A RRset

adf.gov

	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (347 octets) ;; HEADER SECTION ;; id = 22801 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20221205030338 20221128020338 33878 adf.gov. DKFztP/ygoZuwgDtbyk0Z63eof9qw2TVG9nbZNnFP+Mmxnd1lD3O0gMO5EKYRh0J1Ey+7uVV7qS2 Me++XZi2ZykmJQKKTySikuNUrzrR5LlBDQdSxQuZYVkNoSVaCml+MJbCA12fIUX7xKQc/nA7OW4c CU4nfNJjqr7Wsjgu7BBpMl/KXGbrePOd5tydsir0gaZ7z1gl5JXZELTaRNz2TWQD38fb5A56vvx+ dJljF82ZmanIvYATliYd84UtwWPidZwgiPtUsMFwn0cboBrvA5hFlUhjB7686Ch8LziJwb64MdXT cQ0Qf9E51aVKRHY9AjpfL2dOvYAFccgctokdnw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	auth111.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (347 octets) ;; HEADER SECTION ;; id = 8652 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20221205030338 20221128020338 33878 adf.gov. DKFztP/ygoZuwgDtbyk0Z63eof9qw2TVG9nbZNnFP+Mmxnd1lD3O0gMO5EKYRh0J1Ey+7uVV7qS2 Me++XZi2ZykmJQKKTySikuNUrzrR5LlBDQdSxQuZYVkNoSVaCml+MJbCA12fIUX7xKQc/nA7OW4c CU4nfNJjqr7Wsjgu7BBpMl/KXGbrePOd5tydsir0gaZ7z1gl5JXZELTaRNz2TWQD38fb5A56vvx+ dJljF82ZmanIvYATliYd84UtwWPidZwgiPtUsMFwn0cboBrvA5hFlUhjB7686Ch8LziJwb64MdXT cQ0Qf9E51aVKRHY9AjpfL2dOvYAFccgctokdnw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20221205030338 20221128020338 33878 adf.gov. DKFztP/ygoZuwgDtbyk0Z63eof9qw2TVG9nbZNnFP+Mmxnd1lD3O0gMO5EKYRh0J1Ey+7uVV7qS2 Me++XZi2ZykmJQKKTySikuNUrzrR5LlBDQdSxQuZYVkNoSVaCml+MJbCA12fIUX7xKQc/nA7OW4c CU4nfNJjqr7Wsjgu7BBpMl/KXGbrePOd5tydsir0gaZ7z1gl5JXZELTaRNz2TWQD38fb5A56vvx+ dJljF82ZmanIvYATliYd84UtwWPidZwgiPtUsMFwn0cboBrvA5hFlUhjB7686Ch8LziJwb64MdXT cQ0Qf9E51aVKRHY9AjpfL2dOvYAFccgctokdnw== )`
	RRSIG=33878 and DNSKEY=33878 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test adf.gov at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: