DNSSEC Debugger

Back to Verisign Labs Tools

Domain Name:

Detail: more(+) / less(-)

Time: 2026-06-16 03:21:34 UTC

Analyzing DNSSEC problems for adf.gov

DS=20326/SHA-256 is now in the chain-of-trust

DS=38696/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	`. IN DS ( 38696 8 2 683d2d0acb8c9b712a1948b27f741219298d0a450d612c483af444a4c0fb2b16 )`
	Query to i.root-servers.net for ./DNSKEY
	Received 1139 bytes from 192.36.148.17
	;; Response received from [192.36.148.17] 1139 octets ;; HEADER SECTION ;; id = 8176 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20260701000000 20260610000000 20326 . j4xwc5ju8Rar7jcd8yX1jGrb5c85D/uGNLvUpiKCzuSVqv0zhUS56KtqD0JmBo1rC+aWxywONWS6 o76i4p5TOOWFWdrops0E/Vw3OFQW+jLxsscc+Y9WUbK1PxTB3UPdWfiHw3azpvgsaaUdXAWeev5t MWZXcj4NM7NoCZJk9ig5onr298AVFZoFNZP6edyzWhyhkMX0DOxBH1M8+c8te2dFpck09pK2GEvA P5Cf1zlsGmZOiZRxB2mDLOXnCbqwJnHQSyhpW9QZkJGJbogrNPwMWdV+X3xcQ5n+dL9aRLtAkKeS p8FDo1ZeGo9xAbha9AjeCyPF3VkSRQEw9owjJg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	DNSKEY=38696/SEP is now in the chain-of-trust
	DS=38696/SHA-256 verifies DNSKEY=38696/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20260701000000 20260610000000 20326 . j4xwc5ju8Rar7jcd8yX1jGrb5c85D/uGNLvUpiKCzuSVqv0zhUS56KtqD0JmBo1rC+aWxywONWS6 o76i4p5TOOWFWdrops0E/Vw3OFQW+jLxsscc+Y9WUbK1PxTB3UPdWfiHw3azpvgsaaUdXAWeev5t MWZXcj4NM7NoCZJk9ig5onr298AVFZoFNZP6edyzWhyhkMX0DOxBH1M8+c8te2dFpck09pK2GEvA P5Cf1zlsGmZOiZRxB2mDLOXnCbqwJnHQSyhpW9QZkJGJbogrNPwMWdV+X3xcQ5n+dL9aRLtAkKeS p8FDo1ZeGo9xAbha9AjeCyPF3VkSRQEw9owjJg== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=54393 is now in the chain-of-trust
	Query to d.root-servers.net for adf.gov/A
	Received 614 bytes from 199.7.91.13
	;; Response received from [199.7.91.13] 614 octets ;; HEADER SECTION ;; id = 18883 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1450, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260628200000 20260615190000 54393 . aYWfgE1jHQHjCE/mc++3mzlC7HQMuPbq4oIprc+w41D3IDEYqNOPiEFMbLBSX9wTrgk/+l3AhJ3W OL6HevLmFXcbutn4qJh81UQEwOFB8/dRqeXoxjhSFzBk22luOf1sln6FmOBvGUrlZlul8BTV32mt jcvSm7wYl3RcBpS+MtoBAvKu5Aooxn+m8oNo51oSlfHC2hfvMny9yylYdATT68oudFYQQeghDzam BlrQd0yTAlgx67+04TZbI14AQSesBlmOSPgqN8ZJxyPraoTUbOaU5TGiUavjVz5yfV77XpFYAKI7 Cfz7VjJGuxlAn9yIaiigozN31D6Ewos4gOl3JA== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 b.ns.gov. 172800 IN A 199.33.231.1 c.ns.gov. 172800 IN A 199.33.232.1 d.ns.gov. 172800 IN A 199.33.233.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to d.root-servers.net for gov/DNSKEY
	Received 610 bytes from 199.7.91.13
	;; Response received from [199.7.91.13] 610 octets ;; HEADER SECTION ;; id = 20670 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1450, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260628200000 20260615190000 54393 . aYWfgE1jHQHjCE/mc++3mzlC7HQMuPbq4oIprc+w41D3IDEYqNOPiEFMbLBSX9wTrgk/+l3AhJ3W OL6HevLmFXcbutn4qJh81UQEwOFB8/dRqeXoxjhSFzBk22luOf1sln6FmOBvGUrlZlul8BTV32mt jcvSm7wYl3RcBpS+MtoBAvKu5Aooxn+m8oNo51oSlfHC2hfvMny9yylYdATT68oudFYQQeghDzam BlrQd0yTAlgx67+04TZbI14AQSesBlmOSPgqN8ZJxyPraoTUbOaU5TGiUavjVz5yfV77XpFYAKI7 Cfz7VjJGuxlAn9yIaiigozN31D6Ewos4gOl3JA== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 b.ns.gov. 172800 IN A 199.33.231.1 c.ns.gov. 172800 IN A 199.33.232.1 d.ns.gov. 172800 IN A 199.33.233.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to b.root-servers.net for gov/DS
	Received 367 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 367 octets ;; HEADER SECTION ;; id = 23970 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260628200000 20260615190000 54393 . aYWfgE1jHQHjCE/mc++3mzlC7HQMuPbq4oIprc+w41D3IDEYqNOPiEFMbLBSX9wTrgk/+l3AhJ3W OL6HevLmFXcbutn4qJh81UQEwOFB8/dRqeXoxjhSFzBk22luOf1sln6FmOBvGUrlZlul8BTV32mt jcvSm7wYl3RcBpS+MtoBAvKu5Aooxn+m8oNo51oSlfHC2hfvMny9yylYdATT68oudFYQQeghDzam BlrQd0yTAlgx67+04TZbI14AQSesBlmOSPgqN8ZJxyPraoTUbOaU5TGiUavjVz5yfV77XpFYAKI7 Cfz7VjJGuxlAn9yIaiigozN31D6Ewos4gOl3JA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20260628200000 20260615190000 54393 . aYWfgE1jHQHjCE/mc++3mzlC7HQMuPbq4oIprc+w41D3IDEYqNOPiEFMbLBSX9wTrgk/+l3AhJ3W OL6HevLmFXcbutn4qJh81UQEwOFB8/dRqeXoxjhSFzBk22luOf1sln6FmOBvGUrlZlul8BTV32mt jcvSm7wYl3RcBpS+MtoBAvKu5Aooxn+m8oNo51oSlfHC2hfvMny9yylYdATT68oudFYQQeghDzam BlrQd0yTAlgx67+04TZbI14AQSesBlmOSPgqN8ZJxyPraoTUbOaU5TGiUavjVz5yfV77XpFYAKI7 Cfz7VjJGuxlAn9yIaiigozN31D6Ewos4gOl3JA== )`
	RRSIG=54393 and DNSKEY=54393 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to b.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 291 octets ;; HEADER SECTION ;; id = 39155 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260723110631 20260523110631 2536 gov. KuwBJAdUDPtJavW6u6F8ib8E+R3O8hIRJ3mN+zRdmXbJ7LYMyAN5A6mf1nr9I/8WsCmSxZS5Nehw XiGC/1k0Iw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260723110631 20260523110631 2536 gov. KuwBJAdUDPtJavW6u6F8ib8E+R3O8hIRJ3mN+zRdmXbJ7LYMyAN5A6mf1nr9I/8WsCmSxZS5Nehw XiGC/1k0Iw== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to d.ns.gov for adf.gov/A
	Received 404 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 404 octets ;; HEADER SECTION ;; id = 29117 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 10800 IN NS auth111.ns.uu.net. adf.gov. 10800 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20260617042134 20260615022134 35496 gov. QRMv0kKnt/r6Q/EXi2biPR0DUHeJo68RQAMOkcmQYeXD0yCs6piTljxo8mTI9AbsVlnkw9f/r0JG aFLAeEP41A== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a.ns.gov for adf.gov/DNSKEY
	Received 404 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 404 octets ;; HEADER SECTION ;; id = 61032 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 10800 IN NS auth111.ns.uu.net. adf.gov. 10800 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20260617042134 20260615022134 35496 gov. nq/RWVzzIz3BP1kyevDj4nv/wbqNhAySgDZriz8jrENBg1YWD0RgW/bgSGXkdBn6AdcK2tnrIy5n uLDh3ytDOg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found child zone adf.gov

adf.gov

	Checking DS between gov and adf.gov
	Query to c.ns.gov for adf.gov/DS
	Received 351 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 351 octets ;; HEADER SECTION ;; id = 28760 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 6 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DS ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20260617042134 20260615022134 35496 gov. 6SdY30ykkaXX+yek6DhqbMzVk5OnLCvP0cVp8pmwX7MUJlkciZUD9Hyxq72nR60oU0AeL1YRt8lv 3hUcprGhDQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 5 DS records for adf.gov in the gov zone
	DS=16281/SHA-1 uses a deprecated digest algorithm
	DS=51142/SHA-1 uses a deprecated digest algorithm
	DS=16281/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
	DS=16281/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=51142/SHA-1 has algorithm RSASHA1
	DS=51142/SHA-256 has algorithm RSASHA1
	DS=56043/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	Found 1 RRSIGs over DS RRset
	`adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20260617042134 20260615022134 35496 gov. 6SdY30ykkaXX+yek6DhqbMzVk5OnLCvP0cVp8pmwX7MUJlkciZUD9Hyxq72nR60oU0AeL1YRt8lv 3hUcprGhDQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=16281/SHA-1 is now in the chain-of-trust
	DS=51142/SHA-1 is now in the chain-of-trust
	DS=56043/SHA-256 is now in the chain-of-trust
	`adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77`
	`adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf )`
	`adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a`
	`adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc )`
	`adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba )`
	Query to auth111.ns.uu.net for adf.gov/DNSKEY
	Received 1730 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 1730 octets ;; HEADER SECTION ;; id = 40672 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 6 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAdFlakj0ab/7ZTKGV8lnUSKMAYjSH7tBh801ZhMWrn37Zq5Z/esJxiMi7pf5tmjf0ZSfIEFW G5IIRBSuwBirRe1aeQIsBAU3ukqsLXNbGq+8eOhviUwnik5Fu5F7sqJgybIQv5PNOiadm4BqHjuN B9CPgfzje6fOIw79vRyNs0nJ90qic6TUioG6UMB0o1/TwTNhk0vgCUeNIzX4pcHD9xYj2/nZOCh7 hXvVFj1/yXKoNVl9zDEr5Zu5/g2kChsPj1zldmfFhhgKzK3iKFtjwryb4S+VsoRvI1fGvPmrPhpv zy8h7EqJA2zAna8d7Fck6YCwpr9sB1GWUCxbYS8bJQM= ) ; keytag 17165 adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAc8JqZ0UPGJNVJf68MN6QQsh4ofxSCz+Lfg8VREyD0Rkvs5N+Mn9mxupduZ30QwUHduw8S2k DJXVHzCXdoGBM4nJbp1AvDT6WEmgKXtqPGMr+FvvTBEpjJr+PGgnbLLCrqfArdAplZlmwiN3vMTs w9W7L611bz6ybDtVI+/C9cyfdRZR9kZkZovSRJ/A+stosY2XSgEssSZE1m0QbLXCcLZaDUmEUEcM IZPXmLQqrpk0+OAGa80gej3dZx8RGW+ChYeELfsK9CZ9lD3J1jCOhsZJktNQHRCd7hE+0FhnCe+c 5BPwHhoB8rp75tN2MGbfgPEPW5CAquVqFzAOS4r6aH8= ) ; keytag 36392 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAcIkmIHZliP2uXTA6K5OGgV6gdk4didvspqIpwaU1cD8o7+YTJOQP+1HfiXb1UHGcCWArRvD by9KSZsKFCaWNxBOlN0EXkRn1/t3SuFvzI+WutAGRVj3YZm74LMy+EUagT8ijE/V45uChutFJRsi VqHFARYjIh/R0vfw+KucMGBaE6L5b8pdw5AOydkN1kSgxDEYzvzFVesjA6fFn3/wpVN5LnHSQH2u Le2eKMhwmcvDU1RAnH7VzR+mhjM7laTSnCTJUzOzgWg6hQZMg5xsMLyzVxdXPK459KqYgijpA4xw Ym79aFrfHtR/zU7fOWa/JK2Z03wZDqsJYNVor9FdKxc= ) ; keytag 5940 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAaakii7Az/5DfnPDSC46YkdZJUqIQhibh+uITchG9/4O/0mqKlbyqLeSyVNp5ftqyuodu/T8 smaCgVxgjQ6wZB6Oe+pVlgh68kmmAZFROX64D22b4X4Cqy2JrPtoDkCflS/mOeJYpeZkYe8FB/oS fiYXT5G3VLtb8/+JbwRx/lpBFp/lklfFzx6NSWJ8TF3qzJrAUeBJScRYl/LPfV8a9cGa6K/oLHpv aY+vnuSzvhPej3XeqeiVWiBccR09g4MzK67FLStjYVvJs2V9P1RdMsewiOGigl5ipJ0+aFHp/aHM WeFkGQC0l672hPaCmkZvok8slB3lAg8PX/FBR4amo8s= ) ; keytag 55875 adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260623030508 20260616020508 5940 adf.gov. Pz/EnGpGWfJxiB6OkHhVyWscoVNCsgXmLEklk+XBMSMNg3JTQCReJGoi0B+MsIEHCoGeVw1B0C1p T6V5Tp+WU/r2DYfrcdbiYFqVyipHazEN1KJmBUNt7FV607a4BpYOzoEcYqL1ZoeH4dax90T7OUaz x6ewScOiuii3/3s+DYPfe1ywEv8945HUDzJwlT5pnyjvB+j1JX/YEBU+M5q1FvDwmrW3flR13N/2 U7wcux8hc/EEPXE3RQCtJXTvx4lThNAYFTyUCprG14vUEaOUGRN7rFZYoDQcHuLVTIGs6TgZ6EZu HqDH4PUqFoGTkn074kNLtAxAEQ+6wDHnrafTwg== ) adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260623030508 20260616020508 36392 adf.gov. QtmQVKbtWrxc9sIUcul7kz0UmhF9pFrgDzoZxGcnoDu2BXfNz4Hbi3Ywi+UOxRrWURqJ2CEJXTKg DLnQeLJuz6CsEonwhI0H5Ilg0f/UTZJQnY774QV36/uLpY/GeU8hzPsiJv6PmFxeVlclM5dTVb/u FkAKWSlE9V/Qsb2lv0LApbneaDa4n7ZEITQv1V33rdEmCVy/EthwvMaD5glrwNoKy5Lvio2g11nZ y8iiPPa6/WXpyeDX+YW5aqVoAEpK3QwxUMmS7Q27ADvDhVmCXTnJ30vP6xhgYjc+W3FpYuEcC+1L 9gyutjl5d9IxvuO3yG5dooXiU+UukkJJpTFjhQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for adf.gov
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAdFlakj0ab/7ZTKGV8lnUSKMAYjSH7tBh801ZhMWrn37Zq5Z/esJxiMi7pf5tmjf0ZSfIEFW G5IIRBSuwBirRe1aeQIsBAU3ukqsLXNbGq+8eOhviUwnik5Fu5F7sqJgybIQv5PNOiadm4BqHjuN B9CPgfzje6fOIw79vRyNs0nJ90qic6TUioG6UMB0o1/TwTNhk0vgCUeNIzX4pcHD9xYj2/nZOCh7 hXvVFj1/yXKoNVl9zDEr5Zu5/g2kChsPj1zldmfFhhgKzK3iKFtjwryb4S+VsoRvI1fGvPmrPhpv zy8h7EqJA2zAna8d7Fck6YCwpr9sB1GWUCxbYS8bJQM= ) ; keytag 17165`
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAc8JqZ0UPGJNVJf68MN6QQsh4ofxSCz+Lfg8VREyD0Rkvs5N+Mn9mxupduZ30QwUHduw8S2k DJXVHzCXdoGBM4nJbp1AvDT6WEmgKXtqPGMr+FvvTBEpjJr+PGgnbLLCrqfArdAplZlmwiN3vMTs w9W7L611bz6ybDtVI+/C9cyfdRZR9kZkZovSRJ/A+stosY2XSgEssSZE1m0QbLXCcLZaDUmEUEcM IZPXmLQqrpk0+OAGa80gej3dZx8RGW+ChYeELfsK9CZ9lD3J1jCOhsZJktNQHRCd7hE+0FhnCe+c 5BPwHhoB8rp75tN2MGbfgPEPW5CAquVqFzAOS4r6aH8= ) ; keytag 36392`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAcIkmIHZliP2uXTA6K5OGgV6gdk4didvspqIpwaU1cD8o7+YTJOQP+1HfiXb1UHGcCWArRvD by9KSZsKFCaWNxBOlN0EXkRn1/t3SuFvzI+WutAGRVj3YZm74LMy+EUagT8ijE/V45uChutFJRsi VqHFARYjIh/R0vfw+KucMGBaE6L5b8pdw5AOydkN1kSgxDEYzvzFVesjA6fFn3/wpVN5LnHSQH2u Le2eKMhwmcvDU1RAnH7VzR+mhjM7laTSnCTJUzOzgWg6hQZMg5xsMLyzVxdXPK459KqYgijpA4xw Ym79aFrfHtR/zU7fOWa/JK2Z03wZDqsJYNVor9FdKxc= ) ; keytag 5940`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAaakii7Az/5DfnPDSC46YkdZJUqIQhibh+uITchG9/4O/0mqKlbyqLeSyVNp5ftqyuodu/T8 smaCgVxgjQ6wZB6Oe+pVlgh68kmmAZFROX64D22b4X4Cqy2JrPtoDkCflS/mOeJYpeZkYe8FB/oS fiYXT5G3VLtb8/+JbwRx/lpBFp/lklfFzx6NSWJ8TF3qzJrAUeBJScRYl/LPfV8a9cGa6K/oLHpv aY+vnuSzvhPej3XeqeiVWiBccR09g4MzK67FLStjYVvJs2V9P1RdMsewiOGigl5ipJ0+aFHp/aHM WeFkGQC0l672hPaCmkZvok8slB3lAg8PX/FBR4amo8s= ) ; keytag 55875`
	DS=16281/SHA-1 is published, but a corresponding DNSKEY is not
	DS=51142/SHA-1 is published, but a corresponding DNSKEY is not
	DS=56043/SHA-256 is published, but a corresponding DNSKEY is not
	None of the 4 DNSKEY records could be validated by any of the 5 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260623030508 20260616020508 5940 adf.gov. Pz/EnGpGWfJxiB6OkHhVyWscoVNCsgXmLEklk+XBMSMNg3JTQCReJGoi0B+MsIEHCoGeVw1B0C1p T6V5Tp+WU/r2DYfrcdbiYFqVyipHazEN1KJmBUNt7FV607a4BpYOzoEcYqL1ZoeH4dax90T7OUaz x6ewScOiuii3/3s+DYPfe1ywEv8945HUDzJwlT5pnyjvB+j1JX/YEBU+M5q1FvDwmrW3flR13N/2 U7wcux8hc/EEPXE3RQCtJXTvx4lThNAYFTyUCprG14vUEaOUGRN7rFZYoDQcHuLVTIGs6TgZ6EZu HqDH4PUqFoGTkn074kNLtAxAEQ+6wDHnrafTwg== )`
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20260623030508 20260616020508 36392 adf.gov. QtmQVKbtWrxc9sIUcul7kz0UmhF9pFrgDzoZxGcnoDu2BXfNz4Hbi3Ywi+UOxRrWURqJ2CEJXTKg DLnQeLJuz6CsEonwhI0H5Ilg0f/UTZJQnY774QV36/uLpY/GeU8hzPsiJv6PmFxeVlclM5dTVb/u FkAKWSlE9V/Qsb2lv0LApbneaDa4n7ZEITQv1V33rdEmCVy/EthwvMaD5glrwNoKy5Lvio2g11nZ y8iiPPa6/WXpyeDX+YW5aqVoAEpK3QwxUMmS7Q27ADvDhVmCXTnJ30vP6xhgYjc+W3FpYuEcC+1L 9gyutjl5d9IxvuO3yG5dooXiU+UukkJJpTFjhQ== )`
	RRSIG=5940 and DNSKEY=5940/SEP does not verify the DNSKEY RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	RRSIG=36392 and DNSKEY=36392 does not verify the DNSKEY RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	None of the 2 RRSIG and 4 DNSKEY records validate the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from [198.6.1.154] 347 octets ;; HEADER SECTION ;; id = 9989 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20260623030508 20260616020508 36392 adf.gov. CS37jUvn/6h3MWKDUYINFamYtQSz8q7Y0M7XJCcWfCjJq8YFD76d0Cy8KUwvbTWSAMPwh0zr2ruM HeocnTiU5uplquumMwukucbt0PYYsZ1DXmQbWeKARv3NsUFQhpCqVuk9mheWVxl0ax4RA+tjE7bX xgUvuA1pwhAaj/JBW1Ig0fND6TLIlSBuAfRQXcrGCBjFNIEeaj1MgSTJ0rhe5Y0US8IfAJp/FJAZ g9pV0dEfGB7XyV6Ud08DoZstwc1cAcll2Gc7KGgxj+vdYzg7c+oaMe0t5AmnD5gaZUfJ2qlRxAjh +sj7E44WV7AVA0ZdAvS5a3ZnvgLYDQFHiR9KRA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	auth120.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth111.ns.uu.net for adf.gov/SOA
	Received 395 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 395 octets ;; HEADER SECTION ;; id = 6890 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN SOA ;; ANSWER SECTION (2 records) adf.gov. 3600 IN SOA ( auth111.ns.uu.net. hostmaster.uu.net. 13202 ;serial 1800 ;refresh 600 ;retry 1728000 ;expire 3600 ;minimum ) adf.gov. 3600 IN RRSIG ( SOA 7 2 3600 20260623030508 20260616020508 36392 adf.gov. IdaEkOuDtTKf99Aa7l3LLWMOlxuXzUPvTwB4fTSuqfR2JsjSQa1IXbToMimcin58QRtBkt1iuONf 7VikV4drjQvVkkbgZEP0o0y0pA04hP53Mh3F9IK6AjfbkoFP+3H3wINlLVeyyIFW/hScdI/cV4T/ t710WHDKracRokloIzcl5j2QWGvvihvn1UJitLL9edwUoEjvWd/F+5Mbjpjc41qn0zQLZM8F/Ohr f8DL3L4MxwhrBHF06mtCyqFD/e+euUTGbtAwAZHnbJhOMPerALd+SVGUM+jI1xKNSwhB/Ni6ogAI TWARfHBtqYGDXgFHPn0I2jwa82pHJXPIgySXSw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to auth120.ns.uu.net for adf.gov/A
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20260623030508 20260616020508 36392 adf.gov. CS37jUvn/6h3MWKDUYINFamYtQSz8q7Y0M7XJCcWfCjJq8YFD76d0Cy8KUwvbTWSAMPwh0zr2ruM HeocnTiU5uplquumMwukucbt0PYYsZ1DXmQbWeKARv3NsUFQhpCqVuk9mheWVxl0ax4RA+tjE7bX xgUvuA1pwhAaj/JBW1Ig0fND6TLIlSBuAfRQXcrGCBjFNIEeaj1MgSTJ0rhe5Y0US8IfAJp/FJAZ g9pV0dEfGB7XyV6Ud08DoZstwc1cAcll2Gc7KGgxj+vdYzg7c+oaMe0t5AmnD5gaZUfJ2qlRxAjh +sj7E44WV7AVA0ZdAvS5a3ZnvgLYDQFHiR9KRA== )`
	RRSIG=36392 and DNSKEY=36392 does not verify the A RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	None of the 1 RRSIG and 4 DNSKEY records validate the A RRset

adf.gov

	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 347 octets ;; HEADER SECTION ;; id = 34334 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20260623030508 20260616020508 36392 adf.gov. CS37jUvn/6h3MWKDUYINFamYtQSz8q7Y0M7XJCcWfCjJq8YFD76d0Cy8KUwvbTWSAMPwh0zr2ruM HeocnTiU5uplquumMwukucbt0PYYsZ1DXmQbWeKARv3NsUFQhpCqVuk9mheWVxl0ax4RA+tjE7bX xgUvuA1pwhAaj/JBW1Ig0fND6TLIlSBuAfRQXcrGCBjFNIEeaj1MgSTJ0rhe5Y0US8IfAJp/FJAZ g9pV0dEfGB7XyV6Ud08DoZstwc1cAcll2Gc7KGgxj+vdYzg7c+oaMe0t5AmnD5gaZUfJ2qlRxAjh +sj7E44WV7AVA0ZdAvS5a3ZnvgLYDQFHiR9KRA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	auth111.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth111.ns.uu.net for adf.gov/A
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20260623030508 20260616020508 36392 adf.gov. CS37jUvn/6h3MWKDUYINFamYtQSz8q7Y0M7XJCcWfCjJq8YFD76d0Cy8KUwvbTWSAMPwh0zr2ruM HeocnTiU5uplquumMwukucbt0PYYsZ1DXmQbWeKARv3NsUFQhpCqVuk9mheWVxl0ax4RA+tjE7bX xgUvuA1pwhAaj/JBW1Ig0fND6TLIlSBuAfRQXcrGCBjFNIEeaj1MgSTJ0rhe5Y0US8IfAJp/FJAZ g9pV0dEfGB7XyV6Ud08DoZstwc1cAcll2Gc7KGgxj+vdYzg7c+oaMe0t5AmnD5gaZUfJ2qlRxAjh +sj7E44WV7AVA0ZdAvS5a3ZnvgLYDQFHiR9KRA== )`
	RRSIG=36392 and DNSKEY=36392 does not verify the A RRset (libcrypto error (SEC.xs line 223)signature verification failed)
	None of the 1 RRSIG and 4 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test adf.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: