DNSSEC Analyzer

Domain Name:

Time: 2023-10-02 22:05:54 UTC, NTP stratum 4

Analyzing DNSSEC problems for adf.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to c.root-servers.net for ./DNSKEY
	Received 1141 bytes from 192.33.4.12
	;; Response received from 192.33.4.12 (1141 octets) ;; HEADER SECTION ;; id = 61043 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpM PIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3A MSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84v gl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJY zPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c= ) ; Key ID = 46780 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAcEtWatIO3exfN3A+WnZl7AVEBA3crRrrwKTfnmcdLt79C3DCOF1JX5zb4s84v0OxwlOVg+T R8VpkuYynMp3PQXLomLxe7j7PlxqEBo1LQaWfqyymCuF7rKebTLB5yZcr8/QUPwk/weLyguX6iVN DjIZOmeMqPkGJtDFp+EUfKgOa8AulKPLtsUL1W+1FT8sqroSxKXVXnhkEZN1O1zBxTG/z9xjwiPc d3//LSPUpEC9+rU2XIuCJq8nwAwJ7W6Rc49RxUT0Svc57HKqHjNuapvG0PCYh3bXCQzb7mb2pNwu erMFTzP5iEzXWZD7izLg9j3wEJ2Ia/WIEts/Tp9GIQM= ) ; Key ID = 11019 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20231022000000 20231001000000 20326 . WQ+tzT8gKOYmaX8NLjusFmLz4zLVeeY3hAmZUKxl7/6LxY3lJh6qRIgLNBN7EkAhyTbjVVryUhEY ExIX/luU4fGmUCyxhYZwF+2bCv3uT4DaI8ssk3USVFFOR9wTkggzVYrtr2UH1PFmQ5hE//aiPfsy NEAisEXMZX3nUT/aCd5oZ6LlH53Nz9CZOa0vNHTu6erIg+mhAOzshcG9/BIfCrYJ1H5D5serTV1x t3Tvw2+KX6w3dG1Nb6vVNpe9Yj7Eb0B85FiqzoAM5jcwHiY+rovSbdVpmD3mIHXZ65wCiBGa6vQS nJQXwchjWQPnSDFLGuZh3dt89C65erw9grHteQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpM PIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3A MSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84v gl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJY zPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c= ) ; Key ID = 46780`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAcEtWatIO3exfN3A+WnZl7AVEBA3crRrrwKTfnmcdLt79C3DCOF1JX5zb4s84v0OxwlOVg+T R8VpkuYynMp3PQXLomLxe7j7PlxqEBo1LQaWfqyymCuF7rKebTLB5yZcr8/QUPwk/weLyguX6iVN DjIZOmeMqPkGJtDFp+EUfKgOa8AulKPLtsUL1W+1FT8sqroSxKXVXnhkEZN1O1zBxTG/z9xjwiPc d3//LSPUpEC9+rU2XIuCJq8nwAwJ7W6Rc49RxUT0Svc57HKqHjNuapvG0PCYh3bXCQzb7mb2pNwu erMFTzP5iEzXWZD7izLg9j3wEJ2Ia/WIEts/Tp9GIQM= ) ; Key ID = 11019`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20231022000000 20231001000000 20326 . WQ+tzT8gKOYmaX8NLjusFmLz4zLVeeY3hAmZUKxl7/6LxY3lJh6qRIgLNBN7EkAhyTbjVVryUhEY ExIX/luU4fGmUCyxhYZwF+2bCv3uT4DaI8ssk3USVFFOR9wTkggzVYrtr2UH1PFmQ5hE//aiPfsy NEAisEXMZX3nUT/aCd5oZ6LlH53Nz9CZOa0vNHTu6erIg+mhAOzshcG9/BIfCrYJ1H5D5serTV1x t3Tvw2+KX6w3dG1Nb6vVNpe9Yj7Eb0B85FiqzoAM5jcwHiY+rovSbdVpmD3mIHXZ65wCiBGa6vQS nJQXwchjWQPnSDFLGuZh3dt89C65erw9grHteQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=46780 is now in the chain-of-trust
	DNSKEY=11019 is now in the chain-of-trust
	Query to l.root-servers.net for adf.gov/A
	Received 674 bytes from 199.7.83.42
	;; Response received from 199.7.83.42 (674 octets) ;; HEADER SECTION ;; id = 47904 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . yqBg+LUXu0n2FcVGM5kocuhZ+IKMBnoTCFhFYSy8ntJ/RpRad3Rv0a8XPpC8SD69ca8ux6DNfUnu ilX5aAHIjQ0uhqcEs+aZOWSfQRJly6tWXiUdnPUEDVk+7JKUP2vCHiu7DaNLpzIAT+IWrP+uvyLE CCJTA+KkrrjR9cdvFhBIb+zMjy1LXtMVcikvR1hG7XxawkFBqfvpQ3xqodmE6JfjqbHg2A/R0z8v p0DPdItUVtSDhKZwdfP+IsVcZ6QuBLtI7Xy/66c/VCw6cIORCyKDVFNJ4pKvgH6yjwa5wKlFQE3S VJQnFngQNGWsU81wwwNlRvVAUHSn77FozkrBmQ== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN A 209.112.123.30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN A 69.36.153.30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN A 81.19.194.30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to f.root-servers.net for gov/DNSKEY
	Received 670 bytes from 192.5.5.241
	;; Response received from 192.5.5.241 (670 octets) ;; HEADER SECTION ;; id = 50731 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . yqBg+LUXu0n2FcVGM5kocuhZ+IKMBnoTCFhFYSy8ntJ/RpRad3Rv0a8XPpC8SD69ca8ux6DNfUnu ilX5aAHIjQ0uhqcEs+aZOWSfQRJly6tWXiUdnPUEDVk+7JKUP2vCHiu7DaNLpzIAT+IWrP+uvyLE CCJTA+KkrrjR9cdvFhBIb+zMjy1LXtMVcikvR1hG7XxawkFBqfvpQ3xqodmE6JfjqbHg2A/R0z8v p0DPdItUVtSDhKZwdfP+IsVcZ6QuBLtI7Xy/66c/VCw6cIORCyKDVFNJ4pKvgH6yjwa5wKlFQE3S VJQnFngQNGWsU81wwwNlRvVAUHSn77FozkrBmQ== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN A 209.112.123.30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN A 69.36.153.30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN A 81.19.194.30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Found child zone gov

gov

	Checking DS between . and gov
	Query to c.root-servers.net for gov/DS
	Received 415 bytes from 192.33.4.12
	;; Response received from 192.33.4.12 (415 octets) ;; HEADER SECTION ;; id = 52314 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (3 records) gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . yqBg+LUXu0n2FcVGM5kocuhZ+IKMBnoTCFhFYSy8ntJ/RpRad3Rv0a8XPpC8SD69ca8ux6DNfUnu ilX5aAHIjQ0uhqcEs+aZOWSfQRJly6tWXiUdnPUEDVk+7JKUP2vCHiu7DaNLpzIAT+IWrP+uvyLE CCJTA+KkrrjR9cdvFhBIb+zMjy1LXtMVcikvR1hG7XxawkFBqfvpQ3xqodmE6JfjqbHg2A/R0z8v p0DPdItUVtSDhKZwdfP+IsVcZ6QuBLtI7Xy/66c/VCw6cIORCyKDVFNJ4pKvgH6yjwa5wKlFQE3S VJQnFngQNGWsU81wwwNlRvVAUHSn77FozkrBmQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 2 DS records for gov in the . zone
	DS=7698/SHA-256 has algorithm RSASHA256
	DS=64280/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . yqBg+LUXu0n2FcVGM5kocuhZ+IKMBnoTCFhFYSy8ntJ/RpRad3Rv0a8XPpC8SD69ca8ux6DNfUnu ilX5aAHIjQ0uhqcEs+aZOWSfQRJly6tWXiUdnPUEDVk+7JKUP2vCHiu7DaNLpzIAT+IWrP+uvyLE CCJTA+KkrrjR9cdvFhBIb+zMjy1LXtMVcikvR1hG7XxawkFBqfvpQ3xqodmE6JfjqbHg2A/R0z8v p0DPdItUVtSDhKZwdfP+IsVcZ6QuBLtI7Xy/66c/VCw6cIORCyKDVFNJ4pKvgH6yjwa5wKlFQE3S VJQnFngQNGWsU81wwwNlRvVAUHSn77FozkrBmQ== )`
	RRSIG=46780 and DNSKEY=46780 verifies the DS RRset
	DS=7698/SHA-256 is now in the chain-of-trust
	DS=64280/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 )`
	`gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 )`
	Query to c.gov-servers.net for gov/DNSKEY
	Received 1233 bytes from 69.36.153.30
	;; Response received from 69.36.153.30 (1233 octets) ;; HEADER SECTION ;; id = 14761 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 5 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (5 records) gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698 gov. 86400 IN DNSKEY ( 257 3 8 AwEAAZp0vliR0TOBCJXmdagY36BI5ZveSPE3OSrcXKDs8IZa86x1+gwbheJcfLB6Fw6cWYUXaNgA mFcbxqIqWc5VJSyPS9yCPdEOLEIiegwCmcWnNsEyc0snKTyypXnvJ5JNhoznpFILDqlksAqP/aiq 1/l0w8TMkRbRrViLrJ1ayaScZ0nn/ge5wNpX09T9RI+gF1OIMJDdgH1vi0a+t6smSy4pUrerFTsu y8JAL+PP85MZiOssT9yoERfWSjFKde6PrQX5vj090AxT+hztb+q2EFXnF1a2L73/3UarB19k5NR3 MT1uM7ddag64Q0lg3aTy3MglDCzP7/StUxdeyL5qIX8= ) ; Key ID = 64280 gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcbYvlY667qXEzHsDTkft9cgKy5F0S9CAP+aFK9+sJumGqvpMaOyOzsilJ+OSVFhopJ1aRFp CUpLVIcVJ3E3YATGpzB45M0D5c4oJ0RjEIUakBwcPghmSW8K1GPqj/eUs4fbVPytXwtwvUll9Lxf gUvi5DA6xD6d2ckwDyRxfcMhXYydr2hIsgfrBLmRDMi4BkxMvA23eShPd/tPvnR0gJk= ) ; Key ID = 10104 gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcvA+2gDUzQ8CrZNef0l31+89Y1gUM8rPtvpC9E3HNsYoOxe3r0NVuWjafg5zXzkRnHhw0L9 nBIQH8cqEeFKg3bJx2i8dj4N9YXmmhkLHuE0JJ9+JrZQpWRY9AQPsG3l2RLnL6Vato0IIweFWF+7 oWVM0xMoB6wjI0XTB+tO1x3a/wuGs7cTPBM4RzvKqsY36/bICi+QNVIesASaGNrFqs0= ) ; Key ID = 40921 gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20231008040000 20230923035500 7698 gov. ZwUS8pkBdeVIiXrdTNAFO7hm3WBpzd5rmcMSg3ewi7Z7Gb6jjyqePCEVUOzrTZzY+CRSknDVQQc7 QAHTkqPG6pvFDWxDkEgBMAU33rSxxussGS6IROb6Pz/REaEHbxsdYmIdfk/HhDNj9v2XQlK4/O7g iIVqwiTlwTBRyryqKZYVBgXCvIWd5wWVPAz5ncDjgrelVa3WlsKK9R9wdMrIWpBO8hkZl8b/nUiO P66iKOJ/u08cZ3hJFvyGNMBBG8hdydVlTcebkU20eeEfI4ajEuzPUKhV7sEOvD4CXSbQaChutrFP ZaCgmk85dtnzdxBQqyeLstU7LY0KOFw/Iwz2fw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 4 DNSKEY records for gov
	`gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698`
	`gov. 86400 IN DNSKEY ( 257 3 8 AwEAAZp0vliR0TOBCJXmdagY36BI5ZveSPE3OSrcXKDs8IZa86x1+gwbheJcfLB6Fw6cWYUXaNgA mFcbxqIqWc5VJSyPS9yCPdEOLEIiegwCmcWnNsEyc0snKTyypXnvJ5JNhoznpFILDqlksAqP/aiq 1/l0w8TMkRbRrViLrJ1ayaScZ0nn/ge5wNpX09T9RI+gF1OIMJDdgH1vi0a+t6smSy4pUrerFTsu y8JAL+PP85MZiOssT9yoERfWSjFKde6PrQX5vj090AxT+hztb+q2EFXnF1a2L73/3UarB19k5NR3 MT1uM7ddag64Q0lg3aTy3MglDCzP7/StUxdeyL5qIX8= ) ; Key ID = 64280`
	`gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcbYvlY667qXEzHsDTkft9cgKy5F0S9CAP+aFK9+sJumGqvpMaOyOzsilJ+OSVFhopJ1aRFp CUpLVIcVJ3E3YATGpzB45M0D5c4oJ0RjEIUakBwcPghmSW8K1GPqj/eUs4fbVPytXwtwvUll9Lxf gUvi5DA6xD6d2ckwDyRxfcMhXYydr2hIsgfrBLmRDMi4BkxMvA23eShPd/tPvnR0gJk= ) ; Key ID = 10104`
	`gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcvA+2gDUzQ8CrZNef0l31+89Y1gUM8rPtvpC9E3HNsYoOxe3r0NVuWjafg5zXzkRnHhw0L9 nBIQH8cqEeFKg3bJx2i8dj4N9YXmmhkLHuE0JJ9+JrZQpWRY9AQPsG3l2RLnL6Vato0IIweFWF+7 oWVM0xMoB6wjI0XTB+tO1x3a/wuGs7cTPBM4RzvKqsY36/bICi+QNVIesASaGNrFqs0= ) ; Key ID = 40921`
	DNSKEY=7698/SEP is now in the chain-of-trust
	DS=7698/SHA-256 verifies DNSKEY=7698/SEP
	DNSKEY=64280/SEP is now in the chain-of-trust
	DS=64280/SHA-256 verifies DNSKEY=64280/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20231008040000 20230923035500 7698 gov. ZwUS8pkBdeVIiXrdTNAFO7hm3WBpzd5rmcMSg3ewi7Z7Gb6jjyqePCEVUOzrTZzY+CRSknDVQQc7 QAHTkqPG6pvFDWxDkEgBMAU33rSxxussGS6IROb6Pz/REaEHbxsdYmIdfk/HhDNj9v2XQlK4/O7g iIVqwiTlwTBRyryqKZYVBgXCvIWd5wWVPAz5ncDjgrelVa3WlsKK9R9wdMrIWpBO8hkZl8b/nUiO P66iKOJ/u08cZ3hJFvyGNMBBG8hdydVlTcebkU20eeEfI4ajEuzPUKhV7sEOvD4CXSbQaChutrFP ZaCgmk85dtnzdxBQqyeLstU7LY0KOFw/Iwz2fw== )`
	RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
	DNSKEY=10104 is now in the chain-of-trust
	DNSKEY=40921 is now in the chain-of-trust
	Query to d.gov-servers.net for adf.gov/A
	Received 500 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (500 octets) ;; HEADER SECTION ;; id = 32397 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 86400 IN NS auth120.ns.uu.net. adf.gov. 86400 IN NS auth111.ns.uu.net. adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20231009094228 20231002094228 40921 gov. RjnplnggWTV1ZG+FwTLlvkEvEt8bT3V0DC/LAGi2I6L1jBZI9b94Grjo99tC/sJX8Pl2sHO4GjHJ RqsgwLOSN7VIj7AC85gW41iahZH4dCdtQT7M+ncLoN+ld8fbWqSZCwAZOE2c5na1PvV/N5JDViPO QsSh9IJIevx2ZIL0szTy82EbZfgOw/rP+XQP8wd/fbUfBJ+fk/AdZY9CpYxEdg== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to a.gov-servers.net for adf.gov/DNSKEY
	Received 500 bytes from 69.36.157.30
	;; Response received from 69.36.157.30 (500 octets) ;; HEADER SECTION ;; id = 43567 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 8 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 86400 IN NS auth120.ns.uu.net. adf.gov. 86400 IN NS auth111.ns.uu.net. adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20231009094228 20231002094228 40921 gov. RjnplnggWTV1ZG+FwTLlvkEvEt8bT3V0DC/LAGi2I6L1jBZI9b94Grjo99tC/sJX8Pl2sHO4GjHJ RqsgwLOSN7VIj7AC85gW41iahZH4dCdtQT7M+ncLoN+ld8fbWqSZCwAZOE2c5na1PvV/N5JDViPO QsSh9IJIevx2ZIL0szTy82EbZfgOw/rP+XQP8wd/fbUfBJ+fk/AdZY9CpYxEdg== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone adf.gov

adf.gov

	Checking DS between gov and adf.gov
	Query to b.gov-servers.net for adf.gov/DS
	Received 447 bytes from 209.112.123.30
	;; Response received from 209.112.123.30 (447 octets) ;; HEADER SECTION ;; id = 1836 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DS ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20231009094228 20231002094228 40921 gov. RjnplnggWTV1ZG+FwTLlvkEvEt8bT3V0DC/LAGi2I6L1jBZI9b94Grjo99tC/sJX8Pl2sHO4GjHJ RqsgwLOSN7VIj7AC85gW41iahZH4dCdtQT7M+ncLoN+ld8fbWqSZCwAZOE2c5na1PvV/N5JDViPO QsSh9IJIevx2ZIL0szTy82EbZfgOw/rP+XQP8wd/fbUfBJ+fk/AdZY9CpYxEdg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 5 DS records for adf.gov in the gov zone
	DS=51142/SHA-1 has algorithm RSASHA1
	DS=16281/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=16281/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
	DS=56043/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=51142/SHA-256 has algorithm RSASHA1
	Found 1 RRSIGs over DS RRset
	`adf.gov. 3600 IN RRSIG ( DS 8 2 3600 20231009094228 20231002094228 40921 gov. RjnplnggWTV1ZG+FwTLlvkEvEt8bT3V0DC/LAGi2I6L1jBZI9b94Grjo99tC/sJX8Pl2sHO4GjHJ RqsgwLOSN7VIj7AC85gW41iahZH4dCdtQT7M+ncLoN+ld8fbWqSZCwAZOE2c5na1PvV/N5JDViPO QsSh9IJIevx2ZIL0szTy82EbZfgOw/rP+XQP8wd/fbUfBJ+fk/AdZY9CpYxEdg== )`
	RRSIG=40921 and DNSKEY=40921 verifies the DS RRset
	DS=51142/SHA-1 is now in the chain-of-trust
	DS=16281/SHA-256 is now in the chain-of-trust
	DS=56043/SHA-256 is now in the chain-of-trust
	`adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a`
	`adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf )`
	`adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77`
	`adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba )`
	`adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc )`
	Query to auth111.ns.uu.net for adf.gov/DNSKEY
	Received 1730 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (1730 octets) ;; HEADER SECTION ;; id = 14197 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAXnzyHzhieC8Tnu6UIUpVE5ZF/ErJYckZeWoQYkrEPi1fEIqLHCJhvVukE+1lxKSI6jjkke2 vLdMvcya48lTUkcJFmCNKVyJMnKa5y4fcxBX5Gh/hLWOcJOuK+xQG0uqr4hOS3JFr6i1JSJ350H+ jR782tXXupOvJKZFFL5b+3dE9mHhtMmjSWj/D+VtTPYgjbiSpUMqCaseX0LglxexUFjmz6LhsxXg WKbobFi8cB8X3+9a9ZK7S8NZeud5bgZrpPU1y4MWJ1JCEb/NF8bLj2nOPYdRLimVmay+p7/OcqJy LjuiaJw8ynzJPITrwbTihzrYJS2jfiSKARW9MKKwmys= ) ; Key ID = 56358 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAZ/REFBhXTI9P46r2nziN9zUMqsY8EQh1ajSIRTQUf8cuYi/pgXbje4v84VbTDsZyzj0CL28 ORvUqzMdnRywmcevGa85zLizwAug2nhpLBqPqwqo2pgs9wChxITcJg8Z+2Jjc/8CAQDG4vi5lTow FhYocmzPlW8XORM7pfJDIRxxx7qm2Wx2SHfbEYj7Q01KohSY9vOdkqcB4Z/NWJm/+ccSKvUyISgP ydy+QWVDbqfVLHiAs1R1NkijlO+DC+7UhZb4KHFW/9auaZfiRL1hAS6UPbUQA0fo23tXdPdbUhUs w6BR/lzqs6EvK7pXm1srgGTAF6NEOeK3hdXqqSdABPU= ) ; Key ID = 50088 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAYpjbpru9c2Hrr4kIcsS+AS6AjT3Z/RBaPKtV4TBLorgcOwfS8fxGKaCZFzICAhvnUMi7Ewm DKUxLdFQAQEBQHxAlpfatsNO/NQMskvMjtN1j27P0iYFwVlleYiyxikmfhcAmY+CcT0+yzvGD0QE 8TAFMre3YylCZx8vND38B59/gPek5XAxCBMvfsJsSpO7tAyxR8hvICGPOw2Qsc5LVyg8trWtIVMJ owr7JOr9sJIfj9LpEv1eOCkxUi3r39gs68rhOiGOKwYCXSVnxRJKnipPF5Z5RRtqNUR9bbrYkTA3 s2ztHkIe1BtskN9XE1yfKpmvWrpEO2R5lwf9pxJGdkc= ) ; Key ID = 58134 adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAYq1zdsq4jOVI4KLJFscWYIbXZodNGiYvsLiQitoFZ8gOuZO6DMia38J5E07PhVf0pW158Kn Rg1FKAnDmvtsnjyxnuvWW/TbA6kzhXt/oB3AwJUg4vWedavMu9MlraN/b9kxLp/sCMX1l4sb0BJ1 BuO2khmwwQEm6hwUk+P3NGpvGDKQh78NDvQCgjHp2MGlQcBNe8j16gZVAMDDl63BPfiKVeS9VOPj Q3tXmVo2BQl/iVHeCKRWzj0ydz6gUNHg/V1QFBD6ojIB6OFWN039uYXD+Q97uGh9hWRgX2jGzDOd lGcnxxbr6BA1rTZ1Yb1iNjMrmUzDwWMapQftj2+PjZ8= ) ; Key ID = 13299 adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20231009030125 20231002020125 50088 adf.gov. QcMsQND3jdm8FB/QPlLehKNnkNAIMv0cPww1KursY4/unraeS/fUATR4Ft6y7Vyx4P1DVQLPWOA2 UFCdfL9/bunqrxcKpScstBiC6pHwWGhg8RmDVd7oV5vhv++i+UlDlHIJzmVAQatqemmaMjBcUZoD 4GjGvSJBd7aZfb2VHXSV6C6d0xLxnOSONB20MQyrcmGz6bd6C875uZpAyql3ZXtdPMu4zWiThrEm 2Oor4wJGxns5dZKIzqnUlAdF7vmNmUJiYSszWxvpPdWfnxKpEtDDhHwFLoxImX3NPMKMALNNpOlI 5SaD8tSXU50EnZ2zgmdyc3jXcfVRAYwSp2jHkA== ) adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20231009030125 20231002020125 56358 adf.gov. G8+vzRfnbOXLykvVUI+lKMelQT6ynPOG+8ojQODIRZMrK9A33I9B5AE2BcG8PJvH36SqV/CSKFjw VHZfMh6mSwti5bMlNtAsJtNGQj4B+/hSaWTeFZfh4Ipb+yfQ8VyEdvIbIZ2b6PY5OxDN2BC3CINb YKp/+UkRWeO6HN+3PzpkRv2uNM0P+JuDkQt4x5H23tSg7MgPu7Gm9VyWoXS3ymMhJINE5p94vl8B rOyCISA6B/SZC/WpEgHcy5Vm/Ub4nlTTcCIuRfrn39q1JOhrj/LhFY73XVa5efk15wKUHZduTL2Y L2MBE21BcaXzeAAR5zuMenQWwIL0j/IZ2hjt1g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 4 DNSKEY records for adf.gov
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAXnzyHzhieC8Tnu6UIUpVE5ZF/ErJYckZeWoQYkrEPi1fEIqLHCJhvVukE+1lxKSI6jjkke2 vLdMvcya48lTUkcJFmCNKVyJMnKa5y4fcxBX5Gh/hLWOcJOuK+xQG0uqr4hOS3JFr6i1JSJ350H+ jR782tXXupOvJKZFFL5b+3dE9mHhtMmjSWj/D+VtTPYgjbiSpUMqCaseX0LglxexUFjmz6LhsxXg WKbobFi8cB8X3+9a9ZK7S8NZeud5bgZrpPU1y4MWJ1JCEb/NF8bLj2nOPYdRLimVmay+p7/OcqJy LjuiaJw8ynzJPITrwbTihzrYJS2jfiSKARW9MKKwmys= ) ; Key ID = 56358`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAZ/REFBhXTI9P46r2nziN9zUMqsY8EQh1ajSIRTQUf8cuYi/pgXbje4v84VbTDsZyzj0CL28 ORvUqzMdnRywmcevGa85zLizwAug2nhpLBqPqwqo2pgs9wChxITcJg8Z+2Jjc/8CAQDG4vi5lTow FhYocmzPlW8XORM7pfJDIRxxx7qm2Wx2SHfbEYj7Q01KohSY9vOdkqcB4Z/NWJm/+ccSKvUyISgP ydy+QWVDbqfVLHiAs1R1NkijlO+DC+7UhZb4KHFW/9auaZfiRL1hAS6UPbUQA0fo23tXdPdbUhUs w6BR/lzqs6EvK7pXm1srgGTAF6NEOeK3hdXqqSdABPU= ) ; Key ID = 50088`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAYpjbpru9c2Hrr4kIcsS+AS6AjT3Z/RBaPKtV4TBLorgcOwfS8fxGKaCZFzICAhvnUMi7Ewm DKUxLdFQAQEBQHxAlpfatsNO/NQMskvMjtN1j27P0iYFwVlleYiyxikmfhcAmY+CcT0+yzvGD0QE 8TAFMre3YylCZx8vND38B59/gPek5XAxCBMvfsJsSpO7tAyxR8hvICGPOw2Qsc5LVyg8trWtIVMJ owr7JOr9sJIfj9LpEv1eOCkxUi3r39gs68rhOiGOKwYCXSVnxRJKnipPF5Z5RRtqNUR9bbrYkTA3 s2ztHkIe1BtskN9XE1yfKpmvWrpEO2R5lwf9pxJGdkc= ) ; Key ID = 58134`
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAYq1zdsq4jOVI4KLJFscWYIbXZodNGiYvsLiQitoFZ8gOuZO6DMia38J5E07PhVf0pW158Kn Rg1FKAnDmvtsnjyxnuvWW/TbA6kzhXt/oB3AwJUg4vWedavMu9MlraN/b9kxLp/sCMX1l4sb0BJ1 BuO2khmwwQEm6hwUk+P3NGpvGDKQh78NDvQCgjHp2MGlQcBNe8j16gZVAMDDl63BPfiKVeS9VOPj Q3tXmVo2BQl/iVHeCKRWzj0ydz6gUNHg/V1QFBD6ojIB6OFWN039uYXD+Q97uGh9hWRgX2jGzDOd lGcnxxbr6BA1rTZ1Yb1iNjMrmUzDwWMapQftj2+PjZ8= ) ; Key ID = 13299`
	DS=51142/SHA-1 is published, but a corresponding DNSKEY is not
	DS=16281/SHA-256 is published, but a corresponding DNSKEY is not
	DS=56043/SHA-256 is published, but a corresponding DNSKEY is not
	None of the 4 DNSKEY records could be validated by any of the 5 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20231009030125 20231002020125 50088 adf.gov. QcMsQND3jdm8FB/QPlLehKNnkNAIMv0cPww1KursY4/unraeS/fUATR4Ft6y7Vyx4P1DVQLPWOA2 UFCdfL9/bunqrxcKpScstBiC6pHwWGhg8RmDVd7oV5vhv++i+UlDlHIJzmVAQatqemmaMjBcUZoD 4GjGvSJBd7aZfb2VHXSV6C6d0xLxnOSONB20MQyrcmGz6bd6C875uZpAyql3ZXtdPMu4zWiThrEm 2Oor4wJGxns5dZKIzqnUlAdF7vmNmUJiYSszWxvpPdWfnxKpEtDDhHwFLoxImX3NPMKMALNNpOlI 5SaD8tSXU50EnZ2zgmdyc3jXcfVRAYwSp2jHkA== )`
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20231009030125 20231002020125 56358 adf.gov. G8+vzRfnbOXLykvVUI+lKMelQT6ynPOG+8ojQODIRZMrK9A33I9B5AE2BcG8PJvH36SqV/CSKFjw VHZfMh6mSwti5bMlNtAsJtNGQj4B+/hSaWTeFZfh4Ipb+yfQ8VyEdvIbIZ2b6PY5OxDN2BC3CINb YKp/+UkRWeO6HN+3PzpkRv2uNM0P+JuDkQt4x5H23tSg7MgPu7Gm9VyWoXS3ymMhJINE5p94vl8B rOyCISA6B/SZC/WpEgHcy5Vm/Ub4nlTTcCIuRfrn39q1JOhrj/LhFY73XVa5efk15wKUHZduTL2Y L2MBE21BcaXzeAAR5zuMenQWwIL0j/IZ2hjt1g== )`
	RRSIG=50088 and DNSKEY=50088/SEP verifies the DNSKEY RRset
	RRSIG=56358 and DNSKEY=56358 verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (347 octets) ;; HEADER SECTION ;; id = 32656 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20231009030125 20231002020125 56358 adf.gov. P8kumOUxJ6vgYLYBOw4NqAlsgAGIWrQZww2OAz5NdX8PjBacoEL1ayd/yHkO5r8fUlZ4yAn1h3jO 3LLX8jKDLEfoo3qNKAgeKUgUwcR7wp5ssrKlSChczAA6TEkX789t9It57TnIcQ5yZ6TeMi9mNxRh 5JpwdoaXbcdIkvjmBVnUt1RyOQnNcluqXXXjnmyXBSDKaULSQeprUzSpPcp5JJW36ud/dcDV9Oyj xo0WZvXdtx6j4FHN0dwwypk/ztmBWToG3zqrG9DnuKkeZwIWaA6yTYzhiN3rgm6JbLXDNsI0kha2 Ddx5wjd9TeudyeQVVRDfrpZ06EX+etUo3iEQ6w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	auth111.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth120.ns.uu.net for adf.gov/SOA
	Received 401 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (401 octets) ;; HEADER SECTION ;; id = 58892 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN SOA ;; ANSWER SECTION (2 records) adf.gov. 3600 IN SOA ( auth111.ns.uu.net. hostmaster.uu.net. 11451 ;serial 1800 ;refresh 600 ;retry 1728000 ;expire 3600 ;minimum ) adf.gov. 3600 IN RRSIG ( SOA 7 2 3600 20231009030125 20231002020125 56358 adf.gov. ClBp6DDmjTq2hS/zByJKTezMipeauWf7e0sejeGeofXCcPW56V7It6RbWv7NWUdoDleOjevKWwWM JxT++7xXTCfQeLFKJL1ZzL30GZKxh6rAZnfwoOWnzhpiPnbw4HjVb6f0gprySmfUkdjt91+Rv9+Y nTGnpnyo1OHrYVCzQw9/4BqN6XZ8pBfFbsE/VXmRsprgzDwuQh8tnFMZ9JKORtyzC8jIQAHxrsWZ F3/RbAbatpXL38v+phs3HJyPqhozhwB40LIoxRCPQXWwyChhian6rZ0YH0zXhE7cuJgqmyI+X2tS zPpGbnlW1SCg9ZTe+ICDctj/0mBWgkRqkpuyJw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from 198.6.1.115 (347 octets) ;; HEADER SECTION ;; id = 52534 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20231009030125 20231002020125 56358 adf.gov. P8kumOUxJ6vgYLYBOw4NqAlsgAGIWrQZww2OAz5NdX8PjBacoEL1ayd/yHkO5r8fUlZ4yAn1h3jO 3LLX8jKDLEfoo3qNKAgeKUgUwcR7wp5ssrKlSChczAA6TEkX789t9It57TnIcQ5yZ6TeMi9mNxRh 5JpwdoaXbcdIkvjmBVnUt1RyOQnNcluqXXXjnmyXBSDKaULSQeprUzSpPcp5JJW36ud/dcDV9Oyj xo0WZvXdtx6j4FHN0dwwypk/ztmBWToG3zqrG9DnuKkeZwIWaA6yTYzhiN3rgm6JbLXDNsI0kha2 Ddx5wjd9TeudyeQVVRDfrpZ06EX+etUo3iEQ6w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20231009030125 20231002020125 56358 adf.gov. P8kumOUxJ6vgYLYBOw4NqAlsgAGIWrQZww2OAz5NdX8PjBacoEL1ayd/yHkO5r8fUlZ4yAn1h3jO 3LLX8jKDLEfoo3qNKAgeKUgUwcR7wp5ssrKlSChczAA6TEkX789t9It57TnIcQ5yZ6TeMi9mNxRh 5JpwdoaXbcdIkvjmBVnUt1RyOQnNcluqXXXjnmyXBSDKaULSQeprUzSpPcp5JJW36ud/dcDV9Oyj xo0WZvXdtx6j4FHN0dwwypk/ztmBWToG3zqrG9DnuKkeZwIWaA6yTYzhiN3rgm6JbLXDNsI0kha2 Ddx5wjd9TeudyeQVVRDfrpZ06EX+etUo3iEQ6w== )`
	RRSIG=56358 and DNSKEY=56358 verifies the A RRset

adf.gov

	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (347 octets) ;; HEADER SECTION ;; id = 48087 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20231009030125 20231002020125 56358 adf.gov. P8kumOUxJ6vgYLYBOw4NqAlsgAGIWrQZww2OAz5NdX8PjBacoEL1ayd/yHkO5r8fUlZ4yAn1h3jO 3LLX8jKDLEfoo3qNKAgeKUgUwcR7wp5ssrKlSChczAA6TEkX789t9It57TnIcQ5yZ6TeMi9mNxRh 5JpwdoaXbcdIkvjmBVnUt1RyOQnNcluqXXXjnmyXBSDKaULSQeprUzSpPcp5JJW36ud/dcDV9Oyj xo0WZvXdtx6j4FHN0dwwypk/ztmBWToG3zqrG9DnuKkeZwIWaA6yTYzhiN3rgm6JbLXDNsI0kha2 Ddx5wjd9TeudyeQVVRDfrpZ06EX+etUo3iEQ6w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	auth120.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from 198.6.1.154 (347 octets) ;; HEADER SECTION ;; id = 24171 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20231009030125 20231002020125 56358 adf.gov. P8kumOUxJ6vgYLYBOw4NqAlsgAGIWrQZww2OAz5NdX8PjBacoEL1ayd/yHkO5r8fUlZ4yAn1h3jO 3LLX8jKDLEfoo3qNKAgeKUgUwcR7wp5ssrKlSChczAA6TEkX789t9It57TnIcQ5yZ6TeMi9mNxRh 5JpwdoaXbcdIkvjmBVnUt1RyOQnNcluqXXXjnmyXBSDKaULSQeprUzSpPcp5JJW36ud/dcDV9Oyj xo0WZvXdtx6j4FHN0dwwypk/ztmBWToG3zqrG9DnuKkeZwIWaA6yTYzhiN3rgm6JbLXDNsI0kha2 Ddx5wjd9TeudyeQVVRDfrpZ06EX+etUo3iEQ6w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20231009030125 20231002020125 56358 adf.gov. P8kumOUxJ6vgYLYBOw4NqAlsgAGIWrQZww2OAz5NdX8PjBacoEL1ayd/yHkO5r8fUlZ4yAn1h3jO 3LLX8jKDLEfoo3qNKAgeKUgUwcR7wp5ssrKlSChczAA6TEkX789t9It57TnIcQ5yZ6TeMi9mNxRh 5JpwdoaXbcdIkvjmBVnUt1RyOQnNcluqXXXjnmyXBSDKaULSQeprUzSpPcp5JJW36ud/dcDV9Oyj xo0WZvXdtx6j4FHN0dwwypk/ztmBWToG3zqrG9DnuKkeZwIWaA6yTYzhiN3rgm6JbLXDNsI0kha2 Ddx5wjd9TeudyeQVVRDfrpZ06EX+etUo3iEQ6w== )`
	RRSIG=56358 and DNSKEY=56358 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test adf.gov at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: