DNSSEC Debugger

Domain Name:

Time: 2025-07-04 03:43:12 UTC

Analyzing DNSSEC problems for adf.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to h.root-servers.net for ./DNSKEY
	Received 1414 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 1414 octets ;; HEADER SECTION ;; id = 56508 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (5 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=53148 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	DNSKEY=46441 is now in the chain-of-trust
	Query to f.root-servers.net for adf.gov/A
	Received 614 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 614 octets ;; HEADER SECTION ;; id = 58205 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250716170000 20250703160000 46441 . LFhHbEQhQS5xD00JDlwUmKHKN1MZx2i/vEqzyDd4dpFvd69/n76euR3/ibxl3vxHonNfEpu2LFKy oPc8hzo5oLcbt2NogmvERaPPtozfScLENUEpSXFLs69iMF7nJyP5rW0r+dJWIWYdP9ONseSEtbQ7 Kol6o58c0BeQ1r3GZvYiBvAxhPM6ZWd+cvx4CzeorQhSc0BXk11o1F6EAR5cJviLjVcckJAnS3fp TS/kCR3giLAhqV1tM8Z4CzHlW9aDlOwBBmk5l/W+StdibSQ6HRn8wAQmBxzK0rglRP1dEgcD9z4P HqSsb6nunZ6DBG/i6kZuZJnc2fgZnOYCXOokSg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to k.root-servers.net for gov/DNSKEY
	Received 610 bytes from 193.0.14.129
	;; Response received from [193.0.14.129] 610 octets ;; HEADER SECTION ;; id = 65494 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250716170000 20250703160000 46441 . LFhHbEQhQS5xD00JDlwUmKHKN1MZx2i/vEqzyDd4dpFvd69/n76euR3/ibxl3vxHonNfEpu2LFKy oPc8hzo5oLcbt2NogmvERaPPtozfScLENUEpSXFLs69iMF7nJyP5rW0r+dJWIWYdP9ONseSEtbQ7 Kol6o58c0BeQ1r3GZvYiBvAxhPM6ZWd+cvx4CzeorQhSc0BXk11o1F6EAR5cJviLjVcckJAnS3fp TS/kCR3giLAhqV1tM8Z4CzHlW9aDlOwBBmk5l/W+StdibSQ6HRn8wAQmBxzK0rglRP1dEgcD9z4P HqSsb6nunZ6DBG/i6kZuZJnc2fgZnOYCXOokSg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 b.ns.gov. 172800 IN A 199.33.231.1 c.ns.gov. 172800 IN A 199.33.232.1 d.ns.gov. 172800 IN A 199.33.233.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to l.root-servers.net for gov/DS
	Received 367 bytes from 199.7.83.42
	;; Response received from [199.7.83.42] 367 octets ;; HEADER SECTION ;; id = 2191 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250716170000 20250703160000 46441 . LFhHbEQhQS5xD00JDlwUmKHKN1MZx2i/vEqzyDd4dpFvd69/n76euR3/ibxl3vxHonNfEpu2LFKy oPc8hzo5oLcbt2NogmvERaPPtozfScLENUEpSXFLs69iMF7nJyP5rW0r+dJWIWYdP9ONseSEtbQ7 Kol6o58c0BeQ1r3GZvYiBvAxhPM6ZWd+cvx4CzeorQhSc0BXk11o1F6EAR5cJviLjVcckJAnS3fp TS/kCR3giLAhqV1tM8Z4CzHlW9aDlOwBBmk5l/W+StdibSQ6HRn8wAQmBxzK0rglRP1dEgcD9z4P HqSsb6nunZ6DBG/i6kZuZJnc2fgZnOYCXOokSg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20250716170000 20250703160000 46441 . LFhHbEQhQS5xD00JDlwUmKHKN1MZx2i/vEqzyDd4dpFvd69/n76euR3/ibxl3vxHonNfEpu2LFKy oPc8hzo5oLcbt2NogmvERaPPtozfScLENUEpSXFLs69iMF7nJyP5rW0r+dJWIWYdP9ONseSEtbQ7 Kol6o58c0BeQ1r3GZvYiBvAxhPM6ZWd+cvx4CzeorQhSc0BXk11o1F6EAR5cJviLjVcckJAnS3fp TS/kCR3giLAhqV1tM8Z4CzHlW9aDlOwBBmk5l/W+StdibSQ6HRn8wAQmBxzK0rglRP1dEgcD9z4P HqSsb6nunZ6DBG/i6kZuZJnc2fgZnOYCXOokSg== )`
	RRSIG=46441 and DNSKEY=46441 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to c.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 291 octets ;; HEADER SECTION ;; id = 55304 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to b.ns.gov for adf.gov/A
	Received 404 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 404 octets ;; HEADER SECTION ;; id = 4567 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 10800 IN NS auth111.ns.uu.net. adf.gov. 10800 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20250705044312 20250703024312 35496 gov. Ynz1WWv0BSCGMGBs+OPTYjTDZ78N4y4q89NMYxjN4KQPqcDjWE3WJ7m5LzepO6QxN00jIPrBUY0v Yr7urXMvrg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to c.ns.gov for adf.gov/DNSKEY
	Received 404 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 404 octets ;; HEADER SECTION ;; id = 23000 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 10800 IN NS auth111.ns.uu.net. adf.gov. 10800 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20250705044312 20250703024312 35496 gov. 9Wlf5OU54YPf0uuoDwJtkAeMvirZ5aEcyWAQMYqmgeXAynQ8MIspZTYmDTLqjQWdL7S91RruY9oB TwO9mqPFoQ== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found child zone adf.gov

adf.gov

	Checking DS between gov and adf.gov
	Query to a.ns.gov for adf.gov/DS
	Received 351 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 351 octets ;; HEADER SECTION ;; id = 36875 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 6 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DS ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20250705044312 20250703024312 35496 gov. ivYfk7kf8XT/+PV5Jz3Ddv4J/zTfU0rtNKxQqR2KvEEYPG0r6mrai17H4IwcPhVitQhR90UnPnE8 y0SacI3msw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 5 DS records for adf.gov in the gov zone
	DS=16281/SHA-1 uses a deprecated digest algorithm
	DS=51142/SHA-1 uses a deprecated digest algorithm
	DS=16281/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
	DS=16281/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=51142/SHA-1 has algorithm RSASHA1
	DS=51142/SHA-256 has algorithm RSASHA1
	DS=56043/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	Found 1 RRSIGs over DS RRset
	`adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20250705044312 20250703024312 35496 gov. ivYfk7kf8XT/+PV5Jz3Ddv4J/zTfU0rtNKxQqR2KvEEYPG0r6mrai17H4IwcPhVitQhR90UnPnE8 y0SacI3msw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=16281/SHA-1 is now in the chain-of-trust
	DS=51142/SHA-1 is now in the chain-of-trust
	DS=56043/SHA-256 is now in the chain-of-trust
	`adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77`
	`adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf )`
	`adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a`
	`adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc )`
	`adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba )`
	Query to auth111.ns.uu.net for adf.gov/DNSKEY
	Received 1730 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 1730 octets ;; HEADER SECTION ;; id = 35325 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 6 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAaJdpa2gMzLZYlEU7OSprQ4SHJ0sn5jFq5yQLi0T10pyHyQB+rSBMfkztov+8BfGwg2QcKdY 5cBS6eVb89ryjErTKNxRplunIjWSCOqNId1nobnxjtB0w/c2fZCOvCt7eqg5Dkyk3BQF+VECGed3 DgBdhkzzGNsKMCR0DpmlXg5/R6lvNGlr73YprpanCnTwNMNYfdjs1aGKhfugN8U1qaT3J1VcxHOB rp2BydYXJXxfBcXVpQU+gpfMNuDrMab6Jrnv9AfCrFDlvX4rrQaKZtdv6BsnReJxm+3Alzqc/l3u VMcZmAmBo8Z1tEMWKo56eWSiRQU4pFGGPxqe/yEdgUk= ) ; keytag 3557 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAaakii7Az/5DfnPDSC46YkdZJUqIQhibh+uITchG9/4O/0mqKlbyqLeSyVNp5ftqyuodu/T8 smaCgVxgjQ6wZB6Oe+pVlgh68kmmAZFROX64D22b4X4Cqy2JrPtoDkCflS/mOeJYpeZkYe8FB/oS fiYXT5G3VLtb8/+JbwRx/lpBFp/lklfFzx6NSWJ8TF3qzJrAUeBJScRYl/LPfV8a9cGa6K/oLHpv aY+vnuSzvhPej3XeqeiVWiBccR09g4MzK67FLStjYVvJs2V9P1RdMsewiOGigl5ipJ0+aFHp/aHM WeFkGQC0l672hPaCmkZvok8slB3lAg8PX/FBR4amo8s= ) ; keytag 55875 adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAdRCttMb195/y4bs+4vm6WZlBST91uAhzhsLE8m3fmC3dibir8RcmKDr3UTKuCxYT83pb4k/ MMtyqyI1TAcaeVQJTQEYga3Ryc6OH9NTIYt9Dn1JqHZgRXdykH2VF5wcrvoTMYClVXpoX4uzvfd0 IZDMoR8tdX+fHjNY5bn2g35nYQG5A7fEgSqDaMgedJmEzunoqNvkGwSA9En4bWb7vCCHz6oJgfZK 3vl3Wl8oODhwHr108F5E7RzJIQUCeF02+bLsbZg6/dspoxbTWCmQlEIvjC/IwpJuQDcQlGfdiee5 jfRvZSx1bTFcQBvzv+ROBov5R9HCT5/kFPsqwEJdzpk= ) ; keytag 61364 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAcIkmIHZliP2uXTA6K5OGgV6gdk4didvspqIpwaU1cD8o7+YTJOQP+1HfiXb1UHGcCWArRvD by9KSZsKFCaWNxBOlN0EXkRn1/t3SuFvzI+WutAGRVj3YZm74LMy+EUagT8ijE/V45uChutFJRsi VqHFARYjIh/R0vfw+KucMGBaE6L5b8pdw5AOydkN1kSgxDEYzvzFVesjA6fFn3/wpVN5LnHSQH2u Le2eKMhwmcvDU1RAnH7VzR+mhjM7laTSnCTJUzOzgWg6hQZMg5xsMLyzVxdXPK459KqYgijpA4xw Ym79aFrfHtR/zU7fOWa/JK2Z03wZDqsJYNVor9FdKxc= ) ; keytag 5940 adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20250711030505 20250704020505 5940 adf.gov. u2reFqOO3SIwtLjKlF308+JpCI3hjJdgbMXgYX+vDBaqMzrT8LQaBhbCEgxE14JJNFgymaf/I3QN 0qrvyki/AE0n4z9sLg5BBVY1F6VKTXuTxu7tdWBYoaysZoMqEIr++d9vVroU8aqiuVywdPZWIS/N Z8TDglQkzF4KStrc7nPSZq6GhQrP+4WoAe5/eH0mlnwEUjdKlBmbncHuhQBfccSRMRD9YLqu2iFR q6zSdYv/fxt4TMk3bndx6lyx/epp2YLIYJyxzicMXMAyH9OyTtE82UL/xW6u3P/xGR9st9tuz2rM e2aklD5L62XDwbmNLLCz5FfCLJy1Ts+l744QMw== ) adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20250711030505 20250704020505 61364 adf.gov. pOXvrEUqHVwWVuttRDsJU+AaRNcB6y3Ck+VMOGWlL2z2woAhhpYpPnAidbLbywNShJRxDYP39Afw imVQzXr+pYbWMkLVKQmKVKDfbR8q77tXBeNZBvG2SJ/EBkV8s5afLRJup0hQumRlgpoUqdIi9UzG AwcRpKxi1kCPzX9IPBw0zMJEEB0er7vxl0ZxCAFh5LYzFOq16H7snl4GTM5r0+l/UboAmxAfXsuc BzHI89a+2cSrLI/jBHuz/QzHUunwu5u3pBkDp/V3Uqqw6rJXiGnf+zDypYCtFNeoequnEihZEaVE 6c6hcZHxS2vQsj0qG0ACDsNEC4hQNDCerHouVA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for adf.gov
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAaJdpa2gMzLZYlEU7OSprQ4SHJ0sn5jFq5yQLi0T10pyHyQB+rSBMfkztov+8BfGwg2QcKdY 5cBS6eVb89ryjErTKNxRplunIjWSCOqNId1nobnxjtB0w/c2fZCOvCt7eqg5Dkyk3BQF+VECGed3 DgBdhkzzGNsKMCR0DpmlXg5/R6lvNGlr73YprpanCnTwNMNYfdjs1aGKhfugN8U1qaT3J1VcxHOB rp2BydYXJXxfBcXVpQU+gpfMNuDrMab6Jrnv9AfCrFDlvX4rrQaKZtdv6BsnReJxm+3Alzqc/l3u VMcZmAmBo8Z1tEMWKo56eWSiRQU4pFGGPxqe/yEdgUk= ) ; keytag 3557`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAaakii7Az/5DfnPDSC46YkdZJUqIQhibh+uITchG9/4O/0mqKlbyqLeSyVNp5ftqyuodu/T8 smaCgVxgjQ6wZB6Oe+pVlgh68kmmAZFROX64D22b4X4Cqy2JrPtoDkCflS/mOeJYpeZkYe8FB/oS fiYXT5G3VLtb8/+JbwRx/lpBFp/lklfFzx6NSWJ8TF3qzJrAUeBJScRYl/LPfV8a9cGa6K/oLHpv aY+vnuSzvhPej3XeqeiVWiBccR09g4MzK67FLStjYVvJs2V9P1RdMsewiOGigl5ipJ0+aFHp/aHM WeFkGQC0l672hPaCmkZvok8slB3lAg8PX/FBR4amo8s= ) ; keytag 55875`
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAdRCttMb195/y4bs+4vm6WZlBST91uAhzhsLE8m3fmC3dibir8RcmKDr3UTKuCxYT83pb4k/ MMtyqyI1TAcaeVQJTQEYga3Ryc6OH9NTIYt9Dn1JqHZgRXdykH2VF5wcrvoTMYClVXpoX4uzvfd0 IZDMoR8tdX+fHjNY5bn2g35nYQG5A7fEgSqDaMgedJmEzunoqNvkGwSA9En4bWb7vCCHz6oJgfZK 3vl3Wl8oODhwHr108F5E7RzJIQUCeF02+bLsbZg6/dspoxbTWCmQlEIvjC/IwpJuQDcQlGfdiee5 jfRvZSx1bTFcQBvzv+ROBov5R9HCT5/kFPsqwEJdzpk= ) ; keytag 61364`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAcIkmIHZliP2uXTA6K5OGgV6gdk4didvspqIpwaU1cD8o7+YTJOQP+1HfiXb1UHGcCWArRvD by9KSZsKFCaWNxBOlN0EXkRn1/t3SuFvzI+WutAGRVj3YZm74LMy+EUagT8ijE/V45uChutFJRsi VqHFARYjIh/R0vfw+KucMGBaE6L5b8pdw5AOydkN1kSgxDEYzvzFVesjA6fFn3/wpVN5LnHSQH2u Le2eKMhwmcvDU1RAnH7VzR+mhjM7laTSnCTJUzOzgWg6hQZMg5xsMLyzVxdXPK459KqYgijpA4xw Ym79aFrfHtR/zU7fOWa/JK2Z03wZDqsJYNVor9FdKxc= ) ; keytag 5940`
	DS=16281/SHA-1 is published, but a corresponding DNSKEY is not
	DS=51142/SHA-1 is published, but a corresponding DNSKEY is not
	DS=56043/SHA-256 is published, but a corresponding DNSKEY is not
	None of the 4 DNSKEY records could be validated by any of the 5 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20250711030505 20250704020505 5940 adf.gov. u2reFqOO3SIwtLjKlF308+JpCI3hjJdgbMXgYX+vDBaqMzrT8LQaBhbCEgxE14JJNFgymaf/I3QN 0qrvyki/AE0n4z9sLg5BBVY1F6VKTXuTxu7tdWBYoaysZoMqEIr++d9vVroU8aqiuVywdPZWIS/N Z8TDglQkzF4KStrc7nPSZq6GhQrP+4WoAe5/eH0mlnwEUjdKlBmbncHuhQBfccSRMRD9YLqu2iFR q6zSdYv/fxt4TMk3bndx6lyx/epp2YLIYJyxzicMXMAyH9OyTtE82UL/xW6u3P/xGR9st9tuz2rM e2aklD5L62XDwbmNLLCz5FfCLJy1Ts+l744QMw== )`
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20250711030505 20250704020505 61364 adf.gov. pOXvrEUqHVwWVuttRDsJU+AaRNcB6y3Ck+VMOGWlL2z2woAhhpYpPnAidbLbywNShJRxDYP39Afw imVQzXr+pYbWMkLVKQmKVKDfbR8q77tXBeNZBvG2SJ/EBkV8s5afLRJup0hQumRlgpoUqdIi9UzG AwcRpKxi1kCPzX9IPBw0zMJEEB0er7vxl0ZxCAFh5LYzFOq16H7snl4GTM5r0+l/UboAmxAfXsuc BzHI89a+2cSrLI/jBHuz/QzHUunwu5u3pBkDp/V3Uqqw6rJXiGnf+zDypYCtFNeoequnEihZEaVE 6c6hcZHxS2vQsj0qG0ACDsNEC4hQNDCerHouVA== )`
	RRSIG=5940 and DNSKEY=5940/SEP verifies the DNSKEY RRset
	RRSIG=61364 and DNSKEY=61364 verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from [198.6.1.154] 347 octets ;; HEADER SECTION ;; id = 58666 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20250711030505 20250704020505 61364 adf.gov. avSDDr6WuSps52sQVQFSudYY8gUDCghiZUGxPOXZVDdD9pkyG76Q9OqsHA4lyWFfyVAmcDbv0P6Y EvgeGk2tHEjkfN66wwaY6wk0KbafFTnwCD8NUSYechENl/LzakO9skwXWwVfuUFEOm16XGUe/aYQ EWL7U9gRUartpB1Ro5Zj7EDLWzSyHQBMjHNEiPFx2M0yVLmR5nAo3m4AZocf/IhLBSzRc7mnQ06S gePvAIjJ3vkb05LShnPcs5xk4oqZvqe8fKwcUAZjXcwLnfZ9ZZOwZUL9uMaWu51+wn12mGEXGk4n uPXiIV/A49QlcWhQ+tHLeWc5Xl0Pon4iHMtGHA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	auth120.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth111.ns.uu.net for adf.gov/SOA
	Received 401 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 401 octets ;; HEADER SECTION ;; id = 28088 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN SOA ;; ANSWER SECTION (2 records) adf.gov. 3600 IN SOA ( auth111.ns.uu.net. hostmaster.uu.net. 12510 ;serial 1800 ;refresh 600 ;retry 1728000 ;expire 3600 ;minimum ) adf.gov. 3600 IN RRSIG ( SOA 7 2 3600 20250711030505 20250704020505 61364 adf.gov. OH/dk54KLB62X8SLP5YpW3v9il9nEOXFjbJ8iQqYyNOKzOpQmL5vQmdZqtXdi7TEZECZW1SdP96b NB8ZRgeRcXiu9Ptu6CT02nN1rN7vrTQu6YOrUKSflh4iLnIIH742+Gb7DMZ30+WcK0QayISZdj/Z DmQkDOb6A4Q+vGEPuch39E7wgHU9fJwocQ4Vrd0IR1sK1BRHU8Jxt3G13UV+CngZUrj6KDMsEa4/ VCnyouJgRIvzGZNqZ2MSi0z2Hs+3OBRlAZWPEbwgRMlDY5oQM4RZXGQEWzNGLmUnV7Fsag8/i/2+ VHPl2Nv3JivmaIuVGXB2q8m7KzjomPbfAGltpA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from [198.6.1.154] 347 octets ;; HEADER SECTION ;; id = 50879 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20250711030505 20250704020505 61364 adf.gov. avSDDr6WuSps52sQVQFSudYY8gUDCghiZUGxPOXZVDdD9pkyG76Q9OqsHA4lyWFfyVAmcDbv0P6Y EvgeGk2tHEjkfN66wwaY6wk0KbafFTnwCD8NUSYechENl/LzakO9skwXWwVfuUFEOm16XGUe/aYQ EWL7U9gRUartpB1Ro5Zj7EDLWzSyHQBMjHNEiPFx2M0yVLmR5nAo3m4AZocf/IhLBSzRc7mnQ06S gePvAIjJ3vkb05LShnPcs5xk4oqZvqe8fKwcUAZjXcwLnfZ9ZZOwZUL9uMaWu51+wn12mGEXGk4n uPXiIV/A49QlcWhQ+tHLeWc5Xl0Pon4iHMtGHA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20250711030505 20250704020505 61364 adf.gov. avSDDr6WuSps52sQVQFSudYY8gUDCghiZUGxPOXZVDdD9pkyG76Q9OqsHA4lyWFfyVAmcDbv0P6Y EvgeGk2tHEjkfN66wwaY6wk0KbafFTnwCD8NUSYechENl/LzakO9skwXWwVfuUFEOm16XGUe/aYQ EWL7U9gRUartpB1Ro5Zj7EDLWzSyHQBMjHNEiPFx2M0yVLmR5nAo3m4AZocf/IhLBSzRc7mnQ06S gePvAIjJ3vkb05LShnPcs5xk4oqZvqe8fKwcUAZjXcwLnfZ9ZZOwZUL9uMaWu51+wn12mGEXGk4n uPXiIV/A49QlcWhQ+tHLeWc5Xl0Pon4iHMtGHA== )`
	RRSIG=61364 and DNSKEY=61364 verifies the A RRset

adf.gov

	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 347 octets ;; HEADER SECTION ;; id = 7523 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20250711030505 20250704020505 61364 adf.gov. avSDDr6WuSps52sQVQFSudYY8gUDCghiZUGxPOXZVDdD9pkyG76Q9OqsHA4lyWFfyVAmcDbv0P6Y EvgeGk2tHEjkfN66wwaY6wk0KbafFTnwCD8NUSYechENl/LzakO9skwXWwVfuUFEOm16XGUe/aYQ EWL7U9gRUartpB1Ro5Zj7EDLWzSyHQBMjHNEiPFx2M0yVLmR5nAo3m4AZocf/IhLBSzRc7mnQ06S gePvAIjJ3vkb05LShnPcs5xk4oqZvqe8fKwcUAZjXcwLnfZ9ZZOwZUL9uMaWu51+wn12mGEXGk4n uPXiIV/A49QlcWhQ+tHLeWc5Xl0Pon4iHMtGHA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	auth111.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 347 octets ;; HEADER SECTION ;; id = 8245 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20250711030505 20250704020505 61364 adf.gov. avSDDr6WuSps52sQVQFSudYY8gUDCghiZUGxPOXZVDdD9pkyG76Q9OqsHA4lyWFfyVAmcDbv0P6Y EvgeGk2tHEjkfN66wwaY6wk0KbafFTnwCD8NUSYechENl/LzakO9skwXWwVfuUFEOm16XGUe/aYQ EWL7U9gRUartpB1Ro5Zj7EDLWzSyHQBMjHNEiPFx2M0yVLmR5nAo3m4AZocf/IhLBSzRc7mnQ06S gePvAIjJ3vkb05LShnPcs5xk4oqZvqe8fKwcUAZjXcwLnfZ9ZZOwZUL9uMaWu51+wn12mGEXGk4n uPXiIV/A49QlcWhQ+tHLeWc5Xl0Pon4iHMtGHA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20250711030505 20250704020505 61364 adf.gov. avSDDr6WuSps52sQVQFSudYY8gUDCghiZUGxPOXZVDdD9pkyG76Q9OqsHA4lyWFfyVAmcDbv0P6Y EvgeGk2tHEjkfN66wwaY6wk0KbafFTnwCD8NUSYechENl/LzakO9skwXWwVfuUFEOm16XGUe/aYQ EWL7U9gRUartpB1Ro5Zj7EDLWzSyHQBMjHNEiPFx2M0yVLmR5nAo3m4AZocf/IhLBSzRc7mnQ06S gePvAIjJ3vkb05LShnPcs5xk4oqZvqe8fKwcUAZjXcwLnfZ9ZZOwZUL9uMaWu51+wn12mGEXGk4n uPXiIV/A49QlcWhQ+tHLeWc5Xl0Pon4iHMtGHA== )`
	RRSIG=61364 and DNSKEY=61364 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test adf.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: