DNSSEC Debugger

Domain Name:

Time: 2025-12-14 12:08:05 UTC

Analyzing DNSSEC problems for adf.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to b.root-servers.net for ./DNSKEY
	Received 1139 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 1139 octets ;; HEADER SECTION ;; id = 1707 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20251231000000 20251210000000 20326 . GtG815YBui59E5sObprF3pDkJhEZQhPIgRdJAGItKoXToXmek0SDpBkg7wsmoM/WWeDNWaYecNTO tz3HTi5ncNHH/vPwBSySDS2AlGCcXDH5gdoh1bIjU98OoT2QfdeujlTr8UqJ60woWwC3HUb2oyeT YSYAargeWYJ4KvNh1vkhcyg9ygR12ohkCC5XhAWucdmuVwnE5Y9qABCStI27yYppoGv36UHakdqW rhdUStla6r0C4f4BudLZX/EkFRlUUhxkwa+XtLfYO2QQxCfuot0Msne9FVEe4HNkFutJw4mGNgQZ yESjt9Q8bGbzCngJgV89HzM02ChJAVofG2ltew== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20251231000000 20251210000000 20326 . GtG815YBui59E5sObprF3pDkJhEZQhPIgRdJAGItKoXToXmek0SDpBkg7wsmoM/WWeDNWaYecNTO tz3HTi5ncNHH/vPwBSySDS2AlGCcXDH5gdoh1bIjU98OoT2QfdeujlTr8UqJ60woWwC3HUb2oyeT YSYAargeWYJ4KvNh1vkhcyg9ygR12ohkCC5XhAWucdmuVwnE5Y9qABCStI27yYppoGv36UHakdqW rhdUStla6r0C4f4BudLZX/EkFRlUUhxkwa+XtLfYO2QQxCfuot0Msne9FVEe4HNkFutJw4mGNgQZ yESjt9Q8bGbzCngJgV89HzM02ChJAVofG2ltew== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=61809 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to j.root-servers.net for adf.gov/A
	Received 614 bytes from 192.58.128.30
	;; Response received from [192.58.128.30] 614 octets ;; HEADER SECTION ;; id = 24125 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251227050000 20251214040000 61809 . AEgRyBji/41A/pS7Kfg7ssWMnWNOMLuYGZQHnpMLnmrFetitsP0pF0uqBrcvPcpDb61UCDJ7/Lqc 2y+gT+QA+n7HHE6rr++Ia2lK4aJVgcYX+dG18qJhsdirkOSgezc5U7jidOzSM32juCZmS0ecwL87 mnLDEmqMiA3zVlui5zj5PwNsMEmCm6qSGmuRsnroHWBimL+BsX4CBt2lJwjHH96Z6q0nNria0KkW wpgaW9v+SdhvOeBGh4sQEyzaJZNGpTDMJLmwzgJxX4NeLP0/swA4ycQ0vhZPLhE25r6yUWSEvtbK 6dNt8pH4qDt3BpaNUey1A5wzPynq7uufI+ttOg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 b.ns.gov. 172800 IN A 199.33.231.1 c.ns.gov. 172800 IN A 199.33.232.1 d.ns.gov. 172800 IN A 199.33.233.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to f.root-servers.net for gov/DNSKEY
	Received 610 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 610 octets ;; HEADER SECTION ;; id = 37999 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251227050000 20251214040000 61809 . AEgRyBji/41A/pS7Kfg7ssWMnWNOMLuYGZQHnpMLnmrFetitsP0pF0uqBrcvPcpDb61UCDJ7/Lqc 2y+gT+QA+n7HHE6rr++Ia2lK4aJVgcYX+dG18qJhsdirkOSgezc5U7jidOzSM32juCZmS0ecwL87 mnLDEmqMiA3zVlui5zj5PwNsMEmCm6qSGmuRsnroHWBimL+BsX4CBt2lJwjHH96Z6q0nNria0KkW wpgaW9v+SdhvOeBGh4sQEyzaJZNGpTDMJLmwzgJxX4NeLP0/swA4ycQ0vhZPLhE25r6yUWSEvtbK 6dNt8pH4qDt3BpaNUey1A5wzPynq7uufI+ttOg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to b.root-servers.net for gov/DS
	Received 367 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 367 octets ;; HEADER SECTION ;; id = 2735 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251227050000 20251214040000 61809 . AEgRyBji/41A/pS7Kfg7ssWMnWNOMLuYGZQHnpMLnmrFetitsP0pF0uqBrcvPcpDb61UCDJ7/Lqc 2y+gT+QA+n7HHE6rr++Ia2lK4aJVgcYX+dG18qJhsdirkOSgezc5U7jidOzSM32juCZmS0ecwL87 mnLDEmqMiA3zVlui5zj5PwNsMEmCm6qSGmuRsnroHWBimL+BsX4CBt2lJwjHH96Z6q0nNria0KkW wpgaW9v+SdhvOeBGh4sQEyzaJZNGpTDMJLmwzgJxX4NeLP0/swA4ycQ0vhZPLhE25r6yUWSEvtbK 6dNt8pH4qDt3BpaNUey1A5wzPynq7uufI+ttOg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20251227050000 20251214040000 61809 . AEgRyBji/41A/pS7Kfg7ssWMnWNOMLuYGZQHnpMLnmrFetitsP0pF0uqBrcvPcpDb61UCDJ7/Lqc 2y+gT+QA+n7HHE6rr++Ia2lK4aJVgcYX+dG18qJhsdirkOSgezc5U7jidOzSM32juCZmS0ecwL87 mnLDEmqMiA3zVlui5zj5PwNsMEmCm6qSGmuRsnroHWBimL+BsX4CBt2lJwjHH96Z6q0nNria0KkW wpgaW9v+SdhvOeBGh4sQEyzaJZNGpTDMJLmwzgJxX4NeLP0/swA4ycQ0vhZPLhE25r6yUWSEvtbK 6dNt8pH4qDt3BpaNUey1A5wzPynq7uufI+ttOg== )`
	RRSIG=61809 and DNSKEY=61809 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 36774 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260205110617 20251206110617 2536 gov. nZHIPZZ3z80AAkg8IDRVDprfpie4C0q93y05w0bzGd/fdwD8ocNWH6iMFuJ1B13pIaERw0TJTBOo cbM9gLWhNQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260205110617 20251206110617 2536 gov. nZHIPZZ3z80AAkg8IDRVDprfpie4C0q93y05w0bzGd/fdwD8ocNWH6iMFuJ1B13pIaERw0TJTBOo cbM9gLWhNQ== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to c.ns.gov for adf.gov/A
	Received 404 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 404 octets ;; HEADER SECTION ;; id = 47601 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 10800 IN NS auth111.ns.uu.net. adf.gov. 10800 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20251215130805 20251213110805 35496 gov. uAw2HLt2Gj+rXZ5R9fD9GYLr03PCDY6+EUDOASM29ZL4SPmRA52ex/cP95W71ZUIFWSnXdRDAmpm 8bjR8W0aSw== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to c.ns.gov for adf.gov/DNSKEY
	Received 404 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 404 octets ;; HEADER SECTION ;; id = 37758 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) adf.gov. 10800 IN NS auth111.ns.uu.net. adf.gov. 10800 IN NS auth120.ns.uu.net. adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20251215130805 20251213110805 35496 gov. 4AK2L6kyYRjQlz4EyOURL4+UY1/g9+6PFLRN4CEkrRmG6r9oBxik/tZ5Pdw4lAQ3l49KvCreSqrK ML6nDpxXWg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found child zone adf.gov

adf.gov

	Checking DS between gov and adf.gov
	Query to c.ns.gov for adf.gov/DS
	Received 351 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 351 octets ;; HEADER SECTION ;; id = 42066 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 6 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DS ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77 adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf ) adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc ) adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba ) adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20251215130805 20251213110805 35496 gov. ktg7PjvnczI7IHVAFs768N8PSyuXahvMy+473mq6xllh44n5dkdJ002pPYYbk8iJOkQ1bnZlf+FR FYGm1p7joA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 5 DS records for adf.gov in the gov zone
	DS=16281/SHA-1 uses a deprecated digest algorithm
	DS=51142/SHA-1 uses a deprecated digest algorithm
	DS=16281/SHA-1 has algorithm RSASHA1-NSEC3-SHA1
	DS=16281/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=51142/SHA-1 has algorithm RSASHA1
	DS=51142/SHA-256 has algorithm RSASHA1
	DS=56043/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	Found 1 RRSIGs over DS RRset
	`adf.gov. 3600 IN RRSIG ( DS 13 2 3600 20251215130805 20251213110805 35496 gov. ktg7PjvnczI7IHVAFs768N8PSyuXahvMy+473mq6xllh44n5dkdJ002pPYYbk8iJOkQ1bnZlf+FR FYGm1p7joA== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=16281/SHA-1 is now in the chain-of-trust
	DS=51142/SHA-1 is now in the chain-of-trust
	DS=56043/SHA-256 is now in the chain-of-trust
	`adf.gov. 3600 IN DS 16281 7 1 d8aac2d76adb8ba4ce046d1e9bcdf34c0ec8ec77`
	`adf.gov. 3600 IN DS ( 16281 7 2 4d403c78e3ab4117f5612eb596f7c54c24246c761c9e589a7e2c1ecb8a2e4dcf )`
	`adf.gov. 3600 IN DS 51142 5 1 38124e8084c86da57f70f23a07f651a1d0239d8a`
	`adf.gov. 3600 IN DS ( 51142 5 2 3bbc33bfa74d5f16989fdb0c287d98a1114799a4ffe92b3549d665d6d188c7dc )`
	`adf.gov. 3600 IN DS ( 56043 7 2 7d976b23e807219e0ecde2b7a9b9221b8c9e44fe4d7456958c80ca9eb1c692ba )`
	Query to auth120.ns.uu.net for adf.gov/DNSKEY
	Received 1730 bytes from 198.6.1.154
	;; Response received from [198.6.1.154] 1730 octets ;; HEADER SECTION ;; id = 23651 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 6 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN DNSKEY ;; ANSWER SECTION (6 records) adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAcIkmIHZliP2uXTA6K5OGgV6gdk4didvspqIpwaU1cD8o7+YTJOQP+1HfiXb1UHGcCWArRvD by9KSZsKFCaWNxBOlN0EXkRn1/t3SuFvzI+WutAGRVj3YZm74LMy+EUagT8ijE/V45uChutFJRsi VqHFARYjIh/R0vfw+KucMGBaE6L5b8pdw5AOydkN1kSgxDEYzvzFVesjA6fFn3/wpVN5LnHSQH2u Le2eKMhwmcvDU1RAnH7VzR+mhjM7laTSnCTJUzOzgWg6hQZMg5xsMLyzVxdXPK459KqYgijpA4xw Ym79aFrfHtR/zU7fOWa/JK2Z03wZDqsJYNVor9FdKxc= ) ; keytag 5940 adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAa7bEgvVy2X4Srd9QlyzGFD77ktCv7tYret1Tcdr9tnuf9EXwCzZg3yDfMiujrOzixzQcPFj AT5G3pueulIGLC+0finDYdf4vFAt9py5Yufxq9vIqFLrSa3wpCY+SH0aHVQkx80aVi+hdy1v5N61 sTZPWufy0p0xA5CSPk+p96vZYaxfYvqtFcSZ336uV6j+Nmma/gyqS/WtHq5yJLltG+0GY9og3zBF 1YecF+RbCy66xaaaHTSEL91uoks9SMUUzBvtlQqm8Zc8NNKYP3LP02eu+fBopW41fjUgFAG+4vdY nsVgwtV1bJ3GXghKqrBppu6EY40HNmBbX9K00mA7dok= ) ; keytag 1622 adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAaQKRymeTG6k8L3hwdfKTbGQlnQqUWIuiTNITyMR0Ulx+YyS+uMo4Ho2ngYecIqqd95CW+fO zBt7OLhqozrBzj6McEjmNAotWn7rl5AAkDuKTJA2fetAs2hSDerDNG7WUSUDb8uA2yLMpLtxBHGa rKqkC3DIrtA3JtMF4boUWiq2vRLtjYwFZZZDgYbIz6M6RcqkBL+OUnsQUFPemSP84rwAxOPJBbAm H/1fSVoDc8ZqNX2nOrf/19pIXZrMxpWCM4He8G5IQtn7rf7gwuTdsr9BSx6ChDacgPN6zGUYhZfQ duCejVUi+HSEYq12zk7W3DQNfHQMpro+93ygvqUCGMc= ) ; keytag 2912 adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAaakii7Az/5DfnPDSC46YkdZJUqIQhibh+uITchG9/4O/0mqKlbyqLeSyVNp5ftqyuodu/T8 smaCgVxgjQ6wZB6Oe+pVlgh68kmmAZFROX64D22b4X4Cqy2JrPtoDkCflS/mOeJYpeZkYe8FB/oS fiYXT5G3VLtb8/+JbwRx/lpBFp/lklfFzx6NSWJ8TF3qzJrAUeBJScRYl/LPfV8a9cGa6K/oLHpv aY+vnuSzvhPej3XeqeiVWiBccR09g4MzK67FLStjYVvJs2V9P1RdMsewiOGigl5ipJ0+aFHp/aHM WeFkGQC0l672hPaCmkZvok8slB3lAg8PX/FBR4amo8s= ) ; keytag 55875 adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20251221030504 20251214020504 1622 adf.gov. SBie1rfI1AuLFAGzYy21MxfDlROGhCmCtJfSu0iLnH0S2wm0xC4qVomBE2dYLNlvv3EHc6X6DXLb tcanXpB8xaeBU7b/4s5RcGQzu2x3lK3ONpidgVI4IZV7S7okSaAKQEB0HRR5zwOSi2r7h/qopaGX OgYDtu2J9VTs0zyu9ccj3onunJhkdc7wePSvh42chuJs9sOLXoINQVKwMonnamzXmQGLF2+nsuqR CCd4yaqsGq2QIDKpKnst6OWmiAlIfMurUoh+6W0BvBnXHBMwQs8VWJzbccGFPby+4kHqno/4zL9L iaNdxwyBERNrEpVoYNiZVnoUlWI0nNgVJY8Z6Q== ) adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20251221030504 20251214020504 5940 adf.gov. bL2qTqxR3KfF0jeScWE3HaIRlImGL6oL6iYENdDi7mTyZ/FuXeSatDuL902AK6wip20owRS3i0Ad sOD40YVMuVUwY2rSq5jipfcETh55nIvpbpHSZ+xSDtddNsbeQcvHS8lo/vs+nV4eixMd1Qv8ZhJw +TnUhZv/m7ootr6lzyofs2SkE6ezfSok8XJchUqKkgjI+Xbm3DY249ZBVumDFd9VMQGJ/xyddLtj wY/0HU2/1KdBUPOREPjDUKwGIoxc7M2KZwl/Gi5/S7strAiMBhNY7FcEW/1NLhZlxjaMOcnX9zbZ aytzZFX4TNHtFUqEeUR9pOoQeE+ugTMeDo1kBA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for adf.gov
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAcIkmIHZliP2uXTA6K5OGgV6gdk4didvspqIpwaU1cD8o7+YTJOQP+1HfiXb1UHGcCWArRvD by9KSZsKFCaWNxBOlN0EXkRn1/t3SuFvzI+WutAGRVj3YZm74LMy+EUagT8ijE/V45uChutFJRsi VqHFARYjIh/R0vfw+KucMGBaE6L5b8pdw5AOydkN1kSgxDEYzvzFVesjA6fFn3/wpVN5LnHSQH2u Le2eKMhwmcvDU1RAnH7VzR+mhjM7laTSnCTJUzOzgWg6hQZMg5xsMLyzVxdXPK459KqYgijpA4xw Ym79aFrfHtR/zU7fOWa/JK2Z03wZDqsJYNVor9FdKxc= ) ; keytag 5940`
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAa7bEgvVy2X4Srd9QlyzGFD77ktCv7tYret1Tcdr9tnuf9EXwCzZg3yDfMiujrOzixzQcPFj AT5G3pueulIGLC+0finDYdf4vFAt9py5Yufxq9vIqFLrSa3wpCY+SH0aHVQkx80aVi+hdy1v5N61 sTZPWufy0p0xA5CSPk+p96vZYaxfYvqtFcSZ336uV6j+Nmma/gyqS/WtHq5yJLltG+0GY9og3zBF 1YecF+RbCy66xaaaHTSEL91uoks9SMUUzBvtlQqm8Zc8NNKYP3LP02eu+fBopW41fjUgFAG+4vdY nsVgwtV1bJ3GXghKqrBppu6EY40HNmBbX9K00mA7dok= ) ; keytag 1622`
	`adf.gov. 3600 IN DNSKEY ( 256 3 7 AwEAAaQKRymeTG6k8L3hwdfKTbGQlnQqUWIuiTNITyMR0Ulx+YyS+uMo4Ho2ngYecIqqd95CW+fO zBt7OLhqozrBzj6McEjmNAotWn7rl5AAkDuKTJA2fetAs2hSDerDNG7WUSUDb8uA2yLMpLtxBHGa rKqkC3DIrtA3JtMF4boUWiq2vRLtjYwFZZZDgYbIz6M6RcqkBL+OUnsQUFPemSP84rwAxOPJBbAm H/1fSVoDc8ZqNX2nOrf/19pIXZrMxpWCM4He8G5IQtn7rf7gwuTdsr9BSx6ChDacgPN6zGUYhZfQ duCejVUi+HSEYq12zk7W3DQNfHQMpro+93ygvqUCGMc= ) ; keytag 2912`
	`adf.gov. 3600 IN DNSKEY ( 257 3 7 AwEAAaakii7Az/5DfnPDSC46YkdZJUqIQhibh+uITchG9/4O/0mqKlbyqLeSyVNp5ftqyuodu/T8 smaCgVxgjQ6wZB6Oe+pVlgh68kmmAZFROX64D22b4X4Cqy2JrPtoDkCflS/mOeJYpeZkYe8FB/oS fiYXT5G3VLtb8/+JbwRx/lpBFp/lklfFzx6NSWJ8TF3qzJrAUeBJScRYl/LPfV8a9cGa6K/oLHpv aY+vnuSzvhPej3XeqeiVWiBccR09g4MzK67FLStjYVvJs2V9P1RdMsewiOGigl5ipJ0+aFHp/aHM WeFkGQC0l672hPaCmkZvok8slB3lAg8PX/FBR4amo8s= ) ; keytag 55875`
	DS=16281/SHA-1 is published, but a corresponding DNSKEY is not
	DS=51142/SHA-1 is published, but a corresponding DNSKEY is not
	DS=56043/SHA-256 is published, but a corresponding DNSKEY is not
	None of the 4 DNSKEY records could be validated by any of the 5 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20251221030504 20251214020504 1622 adf.gov. SBie1rfI1AuLFAGzYy21MxfDlROGhCmCtJfSu0iLnH0S2wm0xC4qVomBE2dYLNlvv3EHc6X6DXLb tcanXpB8xaeBU7b/4s5RcGQzu2x3lK3ONpidgVI4IZV7S7okSaAKQEB0HRR5zwOSi2r7h/qopaGX OgYDtu2J9VTs0zyu9ccj3onunJhkdc7wePSvh42chuJs9sOLXoINQVKwMonnamzXmQGLF2+nsuqR CCd4yaqsGq2QIDKpKnst6OWmiAlIfMurUoh+6W0BvBnXHBMwQs8VWJzbccGFPby+4kHqno/4zL9L iaNdxwyBERNrEpVoYNiZVnoUlWI0nNgVJY8Z6Q== )`
	`adf.gov. 3600 IN RRSIG ( DNSKEY 7 2 3600 20251221030504 20251214020504 5940 adf.gov. bL2qTqxR3KfF0jeScWE3HaIRlImGL6oL6iYENdDi7mTyZ/FuXeSatDuL902AK6wip20owRS3i0Ad sOD40YVMuVUwY2rSq5jipfcETh55nIvpbpHSZ+xSDtddNsbeQcvHS8lo/vs+nV4eixMd1Qv8ZhJw +TnUhZv/m7ootr6lzyofs2SkE6ezfSok8XJchUqKkgjI+Xbm3DY249ZBVumDFd9VMQGJ/xyddLtj wY/0HU2/1KdBUPOREPjDUKwGIoxc7M2KZwl/Gi5/S7strAiMBhNY7FcEW/1NLhZlxjaMOcnX9zbZ aytzZFX4TNHtFUqEeUR9pOoQeE+ugTMeDo1kBA== )`
	RRSIG=1622 and DNSKEY=1622 verifies the DNSKEY RRset
	RRSIG=5940 and DNSKEY=5940/SEP verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 347 octets ;; HEADER SECTION ;; id = 10164 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20251221030504 20251214020504 1622 adf.gov. ArUVHq09b1igSWTa9XlmV+uQXD/AEYw/Wr9Rk8TYwRMMaxKoXyyOi/mdgc/MmItsl0rtbX881p+m Pen/Q2DBrqdDRGjxRVnQactnKXXZ+SYwT3z74OV8ksextthFUUdO2k1/NUJDwVwTOj+tpfCcx++b nVii6qgT9j/DIM8wKdULunzz39VJqdVWCl04cF89dqggGoeuz/JtUtKLAy6Dn2oaMFuGG0rgI1pw CCBPSWzwt9o6waetwftshscPvNjJpBwNKk2FLvyhBEXvhKqritxg/Pr2CbAH01XLF9++AlfnMmiD 8SbUFafuEwUXT3555RI6teew5LWJCdbQKbHmZA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	auth111.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth120.ns.uu.net for adf.gov/SOA
	Received 401 bytes from 198.6.1.154
	;; Response received from [198.6.1.154] 401 octets ;; HEADER SECTION ;; id = 6373 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN SOA ;; ANSWER SECTION (2 records) adf.gov. 3600 IN SOA ( auth111.ns.uu.net. hostmaster.uu.net. 12836 ;serial 1800 ;refresh 600 ;retry 1728000 ;expire 3600 ;minimum ) adf.gov. 3600 IN RRSIG ( SOA 7 2 3600 20251221030504 20251214020504 1622 adf.gov. FqzODAmvHPSvGXuk/cECWt51jjcrhbq38HgfNN6bRVvc8gyQhJbDFgssQsgvQ0UAwzFzYXclcdAj HVN/ItKQXhnnETI3cbVO/rz0remfU0HWKayYNajvGxuF9LonrUNzrNM/A+Cqm12EIoKvWE9W86M8 UhThSXAhZxzbPkMYw1FN113b9ULBCBuBPV60ulVG1gmtX9mP1y/Cak5kFyPi9WxAuJvphwI5EjLE a+Ww8QqP+UMJkD17FQUTnJl3RNflln8DI65sm1t3pfOQ7zgLWT0wF9twB31/QNm9/PlQiU2rvoNP 8IQl1MVtc5PrGDXPT5XGQLmDC6+QPKgFhAgA0g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to auth111.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.115
	;; Response received from [198.6.1.115] 347 octets ;; HEADER SECTION ;; id = 24728 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20251221030504 20251214020504 1622 adf.gov. ArUVHq09b1igSWTa9XlmV+uQXD/AEYw/Wr9Rk8TYwRMMaxKoXyyOi/mdgc/MmItsl0rtbX881p+m Pen/Q2DBrqdDRGjxRVnQactnKXXZ+SYwT3z74OV8ksextthFUUdO2k1/NUJDwVwTOj+tpfCcx++b nVii6qgT9j/DIM8wKdULunzz39VJqdVWCl04cF89dqggGoeuz/JtUtKLAy6Dn2oaMFuGG0rgI1pw CCBPSWzwt9o6waetwftshscPvNjJpBwNKk2FLvyhBEXvhKqritxg/Pr2CbAH01XLF9++AlfnMmiD 8SbUFafuEwUXT3555RI6teew5LWJCdbQKbHmZA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20251221030504 20251214020504 1622 adf.gov. ArUVHq09b1igSWTa9XlmV+uQXD/AEYw/Wr9Rk8TYwRMMaxKoXyyOi/mdgc/MmItsl0rtbX881p+m Pen/Q2DBrqdDRGjxRVnQactnKXXZ+SYwT3z74OV8ksextthFUUdO2k1/NUJDwVwTOj+tpfCcx++b nVii6qgT9j/DIM8wKdULunzz39VJqdVWCl04cF89dqggGoeuz/JtUtKLAy6Dn2oaMFuGG0rgI1pw CCBPSWzwt9o6waetwftshscPvNjJpBwNKk2FLvyhBEXvhKqritxg/Pr2CbAH01XLF9++AlfnMmiD 8SbUFafuEwUXT3555RI6teew5LWJCdbQKbHmZA== )`
	RRSIG=1622 and DNSKEY=1622 verifies the A RRset

adf.gov

	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from [198.6.1.154] 347 octets ;; HEADER SECTION ;; id = 61480 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20251221030504 20251214020504 1622 adf.gov. ArUVHq09b1igSWTa9XlmV+uQXD/AEYw/Wr9Rk8TYwRMMaxKoXyyOi/mdgc/MmItsl0rtbX881p+m Pen/Q2DBrqdDRGjxRVnQactnKXXZ+SYwT3z74OV8ksextthFUUdO2k1/NUJDwVwTOj+tpfCcx++b nVii6qgT9j/DIM8wKdULunzz39VJqdVWCl04cF89dqggGoeuz/JtUtKLAy6Dn2oaMFuGG0rgI1pw CCBPSWzwt9o6waetwftshscPvNjJpBwNKk2FLvyhBEXvhKqritxg/Pr2CbAH01XLF9++AlfnMmiD 8SbUFafuEwUXT3555RI6teew5LWJCdbQKbHmZA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	auth120.ns.uu.net is authoritative for adf.gov
	Found RRSIG signed by adf.gov zone
	Query to auth120.ns.uu.net for adf.gov/A
	Received 347 bytes from 198.6.1.154
	;; Response received from [198.6.1.154] 347 octets ;; HEADER SECTION ;; id = 13146 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; adf.gov. IN A ;; ANSWER SECTION (2 records) adf.gov. 3600 IN A 3.221.42.84 adf.gov. 3600 IN RRSIG ( A 7 2 3600 20251221030504 20251214020504 1622 adf.gov. ArUVHq09b1igSWTa9XlmV+uQXD/AEYw/Wr9Rk8TYwRMMaxKoXyyOi/mdgc/MmItsl0rtbX881p+m Pen/Q2DBrqdDRGjxRVnQactnKXXZ+SYwT3z74OV8ksextthFUUdO2k1/NUJDwVwTOj+tpfCcx++b nVii6qgT9j/DIM8wKdULunzz39VJqdVWCl04cF89dqggGoeuz/JtUtKLAy6Dn2oaMFuGG0rgI1pw CCBPSWzwt9o6waetwftshscPvNjJpBwNKk2FLvyhBEXvhKqritxg/Pr2CbAH01XLF9++AlfnMmiD 8SbUFafuEwUXT3555RI6teew5LWJCdbQKbHmZA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	adf.gov A RR has value 3.221.42.84
	Found 1 RRSIGs over A RRset
	`adf.gov. 3600 IN RRSIG ( A 7 2 3600 20251221030504 20251214020504 1622 adf.gov. ArUVHq09b1igSWTa9XlmV+uQXD/AEYw/Wr9Rk8TYwRMMaxKoXyyOi/mdgc/MmItsl0rtbX881p+m Pen/Q2DBrqdDRGjxRVnQactnKXXZ+SYwT3z74OV8ksextthFUUdO2k1/NUJDwVwTOj+tpfCcx++b nVii6qgT9j/DIM8wKdULunzz39VJqdVWCl04cF89dqggGoeuz/JtUtKLAy6Dn2oaMFuGG0rgI1pw CCBPSWzwt9o6waetwftshscPvNjJpBwNKk2FLvyhBEXvhKqritxg/Pr2CbAH01XLF9++AlfnMmiD 8SbUFafuEwUXT3555RI6teew5LWJCdbQKbHmZA== )`
	RRSIG=1622 and DNSKEY=1622 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test adf.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: