DNSSEC Debugger - capitolgiftshop.gov

Domain Name:

Time: 2025-07-05 19:17:34 UTC

Analyzing DNSSEC problems for capitolgiftshop.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to k.root-servers.net for ./DNSKEY
	Received 1414 bytes from 193.0.14.129
	;; Response received from [193.0.14.129] 1414 octets ;; HEADER SECTION ;; id = 19564 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (5 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148 . 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=53148 is now in the chain-of-trust
	DNSKEY=46441 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to b.root-servers.net for capitolgiftshop.gov/A
	Received 626 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 626 octets ;; HEADER SECTION ;; id = 50259 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250718170000 20250705160000 46441 . I6wijLUfNGqP5mkZPOSZuhhPoKCPbS4uVs4+EMKJONfWNqC/WHAZsVMfYN3foYswjJAPaD5M9vOS ruPhlFKG+vQbC3jOuZBAlxFZ46J2Ia9fMPHQnnVBD0ha/nZj886uv1zIuBOu2rIIJy+TBvhtlY0h OLUXyhrRh0q478lk9BUwBkXkOz/CF/tze25zNzAzSijhW9UQQcmPtd/xY+J2H/UPFs8in6t1FNcX cuYxdXkjSJYgh+uUo6KG3sRnAmknfVUF8BBJ6x+YzZ+OLu6Csvy/gKlNxmSREQo6ZILKBxCudZ+K E8/yndHUbipsVkRtpBpHzErbIOteELP5makHvg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to g.root-servers.net for gov/DNSKEY
	Received 613 bytes from 192.112.36.4
	;; Response received from [192.112.36.4] 613 octets ;; HEADER SECTION ;; id = 23442 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250718170000 20250705160000 46441 . I6wijLUfNGqP5mkZPOSZuhhPoKCPbS4uVs4+EMKJONfWNqC/WHAZsVMfYN3foYswjJAPaD5M9vOS ruPhlFKG+vQbC3jOuZBAlxFZ46J2Ia9fMPHQnnVBD0ha/nZj886uv1zIuBOu2rIIJy+TBvhtlY0h OLUXyhrRh0q478lk9BUwBkXkOz/CF/tze25zNzAzSijhW9UQQcmPtd/xY+J2H/UPFs8in6t1FNcX cuYxdXkjSJYgh+uUo6KG3sRnAmknfVUF8BBJ6x+YzZ+OLu6Csvy/gKlNxmSREQo6ZILKBxCudZ+K E8/yndHUbipsVkRtpBpHzErbIOteELP5makHvg== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to k.root-servers.net for gov/DS
	Received 367 bytes from 193.0.14.129
	;; Response received from [193.0.14.129] 367 octets ;; HEADER SECTION ;; id = 30429 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250718170000 20250705160000 46441 . I6wijLUfNGqP5mkZPOSZuhhPoKCPbS4uVs4+EMKJONfWNqC/WHAZsVMfYN3foYswjJAPaD5M9vOS ruPhlFKG+vQbC3jOuZBAlxFZ46J2Ia9fMPHQnnVBD0ha/nZj886uv1zIuBOu2rIIJy+TBvhtlY0h OLUXyhrRh0q478lk9BUwBkXkOz/CF/tze25zNzAzSijhW9UQQcmPtd/xY+J2H/UPFs8in6t1FNcX cuYxdXkjSJYgh+uUo6KG3sRnAmknfVUF8BBJ6x+YzZ+OLu6Csvy/gKlNxmSREQo6ZILKBxCudZ+K E8/yndHUbipsVkRtpBpHzErbIOteELP5makHvg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20250718170000 20250705160000 46441 . I6wijLUfNGqP5mkZPOSZuhhPoKCPbS4uVs4+EMKJONfWNqC/WHAZsVMfYN3foYswjJAPaD5M9vOS ruPhlFKG+vQbC3jOuZBAlxFZ46J2Ia9fMPHQnnVBD0ha/nZj886uv1zIuBOu2rIIJy+TBvhtlY0h OLUXyhrRh0q478lk9BUwBkXkOz/CF/tze25zNzAzSijhW9UQQcmPtd/xY+J2H/UPFs8in6t1FNcX cuYxdXkjSJYgh+uUo6KG3sRnAmknfVUF8BBJ6x+YzZ+OLu6Csvy/gKlNxmSREQo6ZILKBxCudZ+K E8/yndHUbipsVkRtpBpHzErbIOteELP5makHvg== )`
	RRSIG=46441 and DNSKEY=46441 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to c.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 291 octets ;; HEADER SECTION ;; id = 43179 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to a.ns.gov for capitolgiftshop.gov/A
	Received 414 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 414 octets ;; HEADER SECTION ;; id = 21608 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 3 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 10800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 10800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 10800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 10800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20250706201734 20250704181734 35496 gov. IvPpmXrk20I9PTA7gfpdGcVkpIGF23JQhWnc1ueFpkf+7VXA0nPYoaCED0ZVEjoZgNOtYbyNbRWz xoIchC7g3A== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 ;; { "EDNS-VERSION": 0 }
	Query to c.ns.gov for capitolgiftshop.gov/DNSKEY
	Received 414 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 414 octets ;; HEADER SECTION ;; id = 8093 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 3 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 10800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 10800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 10800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 10800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20250706201734 20250704181734 35496 gov. HxjehM85YRFEOxksalLcxgBNVz+wWfukAgTK3h9/TrOCIhtysuiQeTI8ioLrr/OOL8LGBfTyNhbS A1HYd2fC4Q== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 ;; { "EDNS-VERSION": 0 }
	Found child zone capitolgiftshop.gov

capitolgiftshop.gov

	Checking DS between gov and capitolgiftshop.gov
	Query to b.ns.gov for capitolgiftshop.gov/DS
	Received 231 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 231 octets ;; HEADER SECTION ;; id = 26325 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DS ;; ANSWER SECTION (3 records) capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20250706201734 20250704181734 35496 gov. SdNgvZnM5dVypMAZIcxyZb3bJ/fBiX/kQsYuf5Ngi1u79iSEuV75SB2oa17AeeA1xjMVypjz9oM3 w5n4lefwow== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DS records for capitolgiftshop.gov in the gov zone
	DS=62962/SHA-1 uses a deprecated digest algorithm
	DS=62962/SHA-1 has algorithm RSASHA256
	DS=62962/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20250706201734 20250704181734 35496 gov. SdNgvZnM5dVypMAZIcxyZb3bJ/fBiX/kQsYuf5Ngi1u79iSEuV75SB2oa17AeeA1xjMVypjz9oM3 w5n4lefwow== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=62962/SHA-1 is now in the chain-of-trust
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 )`
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c )`
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/DNSKEY
	Received 1106 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 1106 octets ;; HEADER SECTION ;; id = 938 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (5 records) capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAbmjK/kvxNBVsHQLEjtOmSJNrcPfI+VtKifuSJegoTBfW2bYXkD2IP7aw6J1wE4c51GIaFUq DPKL/xMsKQB5mCPmb6rh+zt/9lKJtBsWASWqLP0gRpmovvRK8oXat2RGAMYRVoWlaCezP1ZvE3W2 Jrl7QyZ7zgOqq2Ct5UBTf0U3xNiqHBLvQmGw/cxDUo+2MXZNN+VpcaHsg0p7YMVqfQCaQQ+tk76h NiGmSlgxmN9Grcb6pCCxjtjwy53GTy6CBd3eQqVZ6ZR81OPVNeC709lVfIQ6l3bHe7lWYMluD5BV u4QPCbePa+rS45e7596WOmxa602xEv4KwCPW1hdQ/pM= ) ; keytag 32116 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAcmSQtoRVv9JqZubZh3g6uGrjvhZYsqQFaAbWZhxA581WUKrA392cDee9J+0rVJKq1WHcWCS lrTzxUOg2/Mz4aSxnmv/y8MA/CVmhfknFoIUglY3ilYasJjKIB9TmcKIG3QSLIbBwT36QYqjI8La JcA2uXzKK3Igrl0WsuiRzHxT ) ; keytag 7365 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAc9l/FBTZaq5/mCyKWvKLhuWnoyclIp/2Pw+xbQmECXSnvYGl/YA3PmQlqkM5WokfLJ2mBLz op10376JtLpt6pLgJtsYHFSlKXtAsQRvlR7qDph4CMCIAJWAWg6X4fg+DlWEFyJtcZoHZVNRWBWw cQwGv8Yp3SGdAYKXeEaDe0jV ) ; keytag 62695 capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20250709020921 20250705011232 62695 capitolgiftshop.gov. E/dldpp0lJjKavstJVAGcWbeg5ejcQ0mS1DYTUjUJVmASJ5l3JGZ2Dt3X8Bue5U0CJuaNaaW7hhV GMdOsJ3HIFjwNncL/cJNxpepgf4SPe10Z1r0TW28yZDB+QB3PGuRefojiNSoqA9BU+xUCUG4zTP6 5r3vGV2CZWHWQCJEv44= ) capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20250709020921 20250705011232 32116 capitolgiftshop.gov. WrzVI1jNpBxlApbHDVneQDC2hmnys1LOlh7It930Spe+dp5ynl3DoTRTA4uNPkDI3CRjNu7L/ovW Z6E9/kmxlafMpDagkAvrgbUehulnuO9y40JT+dQypVXDi5dY8tVAQohcIEWidYUrPiUxUiOxQbkP sBF6wknH3TVJBNGEkBwv1JwdsBkVVGycSUdPkzt7U9Pz6uBtUzJw8h9Djung5deAGJdzWx9AVPLK Awh9YdySHgXEPLerHhfS6opmk9qUrt9T3Rs4a7NsDm75F13BPBUNRzpAx1mql2zXlPF4ZhDG40Vp J+QueD/OvrfL5KKn5cQmctEd3RJMeBXR72TeiA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for capitolgiftshop.gov
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAbmjK/kvxNBVsHQLEjtOmSJNrcPfI+VtKifuSJegoTBfW2bYXkD2IP7aw6J1wE4c51GIaFUq DPKL/xMsKQB5mCPmb6rh+zt/9lKJtBsWASWqLP0gRpmovvRK8oXat2RGAMYRVoWlaCezP1ZvE3W2 Jrl7QyZ7zgOqq2Ct5UBTf0U3xNiqHBLvQmGw/cxDUo+2MXZNN+VpcaHsg0p7YMVqfQCaQQ+tk76h NiGmSlgxmN9Grcb6pCCxjtjwy53GTy6CBd3eQqVZ6ZR81OPVNeC709lVfIQ6l3bHe7lWYMluD5BV u4QPCbePa+rS45e7596WOmxa602xEv4KwCPW1hdQ/pM= ) ; keytag 32116`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAcmSQtoRVv9JqZubZh3g6uGrjvhZYsqQFaAbWZhxA581WUKrA392cDee9J+0rVJKq1WHcWCS lrTzxUOg2/Mz4aSxnmv/y8MA/CVmhfknFoIUglY3ilYasJjKIB9TmcKIG3QSLIbBwT36QYqjI8La JcA2uXzKK3Igrl0WsuiRzHxT ) ; keytag 7365`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAc9l/FBTZaq5/mCyKWvKLhuWnoyclIp/2Pw+xbQmECXSnvYGl/YA3PmQlqkM5WokfLJ2mBLz op10376JtLpt6pLgJtsYHFSlKXtAsQRvlR7qDph4CMCIAJWAWg6X4fg+DlWEFyJtcZoHZVNRWBWw cQwGv8Yp3SGdAYKXeEaDe0jV ) ; keytag 62695`
	DS=62962/SHA-1 is published, but a corresponding DNSKEY is not
	None of the 3 DNSKEY records could be validated by any of the 2 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20250709020921 20250705011232 62695 capitolgiftshop.gov. E/dldpp0lJjKavstJVAGcWbeg5ejcQ0mS1DYTUjUJVmASJ5l3JGZ2Dt3X8Bue5U0CJuaNaaW7hhV GMdOsJ3HIFjwNncL/cJNxpepgf4SPe10Z1r0TW28yZDB+QB3PGuRefojiNSoqA9BU+xUCUG4zTP6 5r3vGV2CZWHWQCJEv44= )`
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20250709020921 20250705011232 32116 capitolgiftshop.gov. WrzVI1jNpBxlApbHDVneQDC2hmnys1LOlh7It930Spe+dp5ynl3DoTRTA4uNPkDI3CRjNu7L/ovW Z6E9/kmxlafMpDagkAvrgbUehulnuO9y40JT+dQypVXDi5dY8tVAQohcIEWidYUrPiUxUiOxQbkP sBF6wknH3TVJBNGEkBwv1JwdsBkVVGycSUdPkzt7U9Pz6uBtUzJw8h9Djung5deAGJdzWx9AVPLK Awh9YdySHgXEPLerHhfS6opmk9qUrt9T3Rs4a7NsDm75F13BPBUNRzpAx1mql2zXlPF4ZhDG40Vp J+QueD/OvrfL5KKn5cQmctEd3RJMeBXR72TeiA== )`
	RRSIG=62695 and DNSKEY=62695 verifies the DNSKEY RRset
	RRSIG=32116 and DNSKEY=32116/SEP verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to authns1.centurylink.net for capitolgiftshop.gov/A
	Received 506 bytes from 63.150.72.4
	;; Response received from [63.150.72.4] 506 octets ;; HEADER SECTION ;; id = 1074 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	authns1.centurylink.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/SOA
	Received 282 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 282 octets ;; HEADER SECTION ;; id = 34945 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3040 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to authns2.centurylink.net for capitolgiftshop.gov/SOA
	Received 610 bytes from 208.44.130.120
	;; Response received from [208.44.130.120] 610 octets ;; HEADER SECTION ;; id = 16492 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 7 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) ;; AUTHORITY SECTION (7 records) capitolgiftshop.gov. 28800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 28800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 28800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 28800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 28800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 28800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 28800 IN RRSIG ( NS 8 2 28800 20250709171056 20250705165637 62695 capitolgiftshop.gov. vo3KM8myxMQYyBY9emtuzkPPBhLdKsbOUWMXfrB+BsSnO5/nP/lbPwU3e0N3w6+srKjtoCWp0nkl eT8M6rlEwerSAiZ5uYhiz1q026ibdUHPCHsbZfwHA/XvcDeuuC8CTAN7icfe6bQ7Hpdlct20Ku4n GcOwi4QhfldV4/xMW70= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	authns2.centurylink.net serial (3041) differs from ns2.comcastbusiness.net serial (3040)
	Query to ns2.aoc.gov for capitolgiftshop.gov/SOA
	Received 285 bytes from 161.197.100.14
	;; Response received from [161.197.100.14] 285 octets ;; HEADER SECTION ;; id = 53622 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns2.aoc.gov serial (3041) differs from ns2.comcastbusiness.net serial (3040)
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/SOA
	Received 282 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 282 octets ;; HEADER SECTION ;; id = 38824 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3040 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to ns1.aoc.gov for capitolgiftshop.gov/SOA
	Received 285 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 285 octets ;; HEADER SECTION ;; id = 31735 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns1.aoc.gov serial (3041) differs from ns2.comcastbusiness.net serial (3040)
	Query to authns1.centurylink.net for capitolgiftshop.gov/A
	Received 506 bytes from 63.150.72.4
	;; Response received from [63.150.72.4] 506 octets ;; HEADER SECTION ;; id = 61652 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= )`
	RRSIG=62695 and DNSKEY=62695 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= )`
	RRSIG=62695 and DNSKEY=62695 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.100.14
	;; Response received from [161.197.100.14] 506 octets ;; HEADER SECTION ;; id = 13643 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns2.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.100.14
	;; Response received from [161.197.100.14] 506 octets ;; HEADER SECTION ;; id = 62698 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= )`
	RRSIG=62695 and DNSKEY=62695 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= )`
	RRSIG=62695 and DNSKEY=62695 verifies the SOA RRset

capitolgiftshop.gov

	Query to authns2.centurylink.net for capitolgiftshop.gov/A
	Received 506 bytes from 208.44.130.120
	;; Response received from [208.44.130.120] 506 octets ;; HEADER SECTION ;; id = 10448 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	authns2.centurylink.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to authns2.centurylink.net for capitolgiftshop.gov/A
	Received 506 bytes from 208.44.130.120
	;; Response received from [208.44.130.120] 506 octets ;; HEADER SECTION ;; id = 34860 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= )`
	RRSIG=62695 and DNSKEY=62695 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= )`
	RRSIG=62695 and DNSKEY=62695 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 503 octets ;; HEADER SECTION ;; id = 2966 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3040 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250708175637 20250704171805 62695 capitolgiftshop.gov. kZeMpkKeAqKVD3x4nMvoRlbzZiodUNWzsenZRUdUYE5Y60zTApdc/XOLnLmMUV4XplyJDOhkXJPY c+p2orzD+JYh1+Tpb/yyVm35uPH6e7kQ6ghum3sgU3oB8HABJcozPl7jCUmvDO9Ut46/vq5eIXv9 apypTetrevQs1pAoxoU= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns3.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 503 octets ;; HEADER SECTION ;; id = 55362 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3040 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250708175637 20250704171805 62695 capitolgiftshop.gov. kZeMpkKeAqKVD3x4nMvoRlbzZiodUNWzsenZRUdUYE5Y60zTApdc/XOLnLmMUV4XplyJDOhkXJPY c+p2orzD+JYh1+Tpb/yyVm35uPH6e7kQ6ghum3sgU3oB8HABJcozPl7jCUmvDO9Ut46/vq5eIXv9 apypTetrevQs1pAoxoU= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250708175637 20250704171805 62695 capitolgiftshop.gov. kZeMpkKeAqKVD3x4nMvoRlbzZiodUNWzsenZRUdUYE5Y60zTApdc/XOLnLmMUV4XplyJDOhkXJPY c+p2orzD+JYh1+Tpb/yyVm35uPH6e7kQ6ghum3sgU3oB8HABJcozPl7jCUmvDO9Ut46/vq5eIXv9 apypTetrevQs1pAoxoU= )`
	RRSIG=62695 and DNSKEY=62695 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= )`
	RRSIG=62695 and DNSKEY=62695 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 503 octets ;; HEADER SECTION ;; id = 17127 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3040 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250708175637 20250704171805 62695 capitolgiftshop.gov. kZeMpkKeAqKVD3x4nMvoRlbzZiodUNWzsenZRUdUYE5Y60zTApdc/XOLnLmMUV4XplyJDOhkXJPY c+p2orzD+JYh1+Tpb/yyVm35uPH6e7kQ6ghum3sgU3oB8HABJcozPl7jCUmvDO9Ut46/vq5eIXv9 apypTetrevQs1pAoxoU= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns2.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 503 octets ;; HEADER SECTION ;; id = 11389 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3040 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250708175637 20250704171805 62695 capitolgiftshop.gov. kZeMpkKeAqKVD3x4nMvoRlbzZiodUNWzsenZRUdUYE5Y60zTApdc/XOLnLmMUV4XplyJDOhkXJPY c+p2orzD+JYh1+Tpb/yyVm35uPH6e7kQ6ghum3sgU3oB8HABJcozPl7jCUmvDO9Ut46/vq5eIXv9 apypTetrevQs1pAoxoU= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250708175637 20250704171805 62695 capitolgiftshop.gov. kZeMpkKeAqKVD3x4nMvoRlbzZiodUNWzsenZRUdUYE5Y60zTApdc/XOLnLmMUV4XplyJDOhkXJPY c+p2orzD+JYh1+Tpb/yyVm35uPH6e7kQ6ghum3sgU3oB8HABJcozPl7jCUmvDO9Ut46/vq5eIXv9 apypTetrevQs1pAoxoU= )`
	RRSIG=62695 and DNSKEY=62695 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20250709021232 20250705011232 62695 capitolgiftshop.gov. D/5Cnz4lpUPVLaBInWsjNC0BIiogqSOGHzEvAPUcHAjG1bj7etNm1eGFPfuiHOmyE0vn6REvMK93 tGatzPdM5B6gcB5RopNS2ktxhPsV3k5OrUdswleFpENVRJRb+XAanhOH0VnosQWrnOFIyqQvBNGU JAq8g7enmqfGHRsJ+eg= )`
	RRSIG=62695 and DNSKEY=62695 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 506 octets ;; HEADER SECTION ;; id = 39554 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns1.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 506 octets ;; HEADER SECTION ;; id = 21672 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3041 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20250709171056 20250705165637 62695 capitolgiftshop.gov. p9oyapsXfvqEoBExwrqf+ON4P/YDizmZPR9Rjsaee1L24kMRxAW0wX5HKu+R4xG+5LCfnicoiKTX 3O/X7r7NEkPAQERk+ASSbYFoovZyvNe1zj5ENpkgmKG94Ch9S4BLb3DWRt81LSnHkV6Yr8Xa/CRk gaxIh5YItkwYL09xfn4= )`
	RRSIG=62695 and DNSKEY=62695 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20250709175637 20250705165637 62695 capitolgiftshop.gov. GolE0WrB0tyD/UCoXlBmDSK0hrk+WT4C2PHF8GPfKL8kDtJAmEl8i00cnApOdgFOLNNu9AP8NOLo F0NpdqKYT9i7hTIIsr8MxOavGsAPhwcqyCrJgzvleChKlQP4svE/H6ELbb/BuV1TgOPlj0QUv+aC Hp/YD/fjswEXpYZ+5pQ= )`
	RRSIG=62695 and DNSKEY=62695 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test capitolgiftshop.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: