DNSSEC Debugger - capitolgiftshop.gov

Back to Verisign Labs Tools

Domain Name:

Detail: more(+) / less(-)

Time: 2026-05-18 13:13:53 UTC

Analyzing DNSSEC problems for capitolgiftshop.gov

DS=20326/SHA-256 is now in the chain-of-trust

DS=38696/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	`. IN DS ( 38696 8 2 683d2d0acb8c9b712a1948b27f741219298d0a450d612c483af444a4c0fb2b16 )`
	Query to c.root-servers.net for ./DNSKEY
	Received 1141 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 1141 octets ;; HEADER SECTION ;; id = 64909 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20260601000000 20260511000000 20326 . Psn+BsMNwRdKsw1pSQPmOm/QeUqgjveusWdT5NL9sOxccMKpzbYOgLqYNmJsOrAjj0MDy0/X/xbU gAGdRVuOt9mv4yk+TaBs7rpd0IgDZu++2bIAvxu3W82fKEKpJqLucDiPu1l+GKZ87zRYrJrQZZWk 01LmCEIIED9P62/QbhdDVIG3ZdcvXQpRPjWyQOom2tZ0APZ+59PyOxjNMgnOaeoAD8QWZ+iKVY8k o2GRoHRqrzEq46SGDh1YuFxuw67oG7mn+Mt2b9HUjYWgQCvBRSUMb4XRxhNnKQiOS4ECEXCDozMD yXk8727l6bFK0THkaFEqW64F/5CAL8adNRyUoQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	DNSKEY=38696/SEP is now in the chain-of-trust
	DS=38696/SHA-256 verifies DNSKEY=38696/SEP
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20260601000000 20260511000000 20326 . Psn+BsMNwRdKsw1pSQPmOm/QeUqgjveusWdT5NL9sOxccMKpzbYOgLqYNmJsOrAjj0MDy0/X/xbU gAGdRVuOt9mv4yk+TaBs7rpd0IgDZu++2bIAvxu3W82fKEKpJqLucDiPu1l+GKZ87zRYrJrQZZWk 01LmCEIIED9P62/QbhdDVIG3ZdcvXQpRPjWyQOom2tZ0APZ+59PyOxjNMgnOaeoAD8QWZ+iKVY8k o2GRoHRqrzEq46SGDh1YuFxuw67oG7mn+Mt2b9HUjYWgQCvBRSUMb4XRxhNnKQiOS4ECEXCDozMD yXk8727l6bFK0THkaFEqW64F/5CAL8adNRyUoQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=54393 is now in the chain-of-trust
	Query to f.root-servers.net for capitolgiftshop.gov/A
	Received 626 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 626 octets ;; HEADER SECTION ;; id = 48976 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260531050000 20260518040000 54393 . DFXN/6vJ9KWXjAil9IXn+Bqyq2L9NwgTwCV5f5KA7hsXcNe530vdj3jsdrQ7dJ03J4HV2PvOdrQO NVxyQ/OgdLnqsFTOCz9i+QRPGcAGGjKYc8H1EqDzIn7iVVcgLeq82YhGHBKXtceBEDQklqkyMHr0 cusJW8k8OBluZjtz6gLBHODkKZKIlArsFTrYxvPqfOaDCmVx1SDKaWca7pGyb1jPVB820bSW9Uxr 2iFGUW7hV+bR1OVtqKsxV8WFjOdoxbKXMIyX+th6pCtOAXGylfhVRZWyyC3UM4XXWSweS/PddR94 /Xoeme7GdeeHNG+IGSngBYPKhGJVmbOsmJ6bYg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to b.root-servers.net for gov/DNSKEY
	Received 610 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 610 octets ;; HEADER SECTION ;; id = 12829 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260531050000 20260518040000 54393 . DFXN/6vJ9KWXjAil9IXn+Bqyq2L9NwgTwCV5f5KA7hsXcNe530vdj3jsdrQ7dJ03J4HV2PvOdrQO NVxyQ/OgdLnqsFTOCz9i+QRPGcAGGjKYc8H1EqDzIn7iVVcgLeq82YhGHBKXtceBEDQklqkyMHr0 cusJW8k8OBluZjtz6gLBHODkKZKIlArsFTrYxvPqfOaDCmVx1SDKaWca7pGyb1jPVB820bSW9Uxr 2iFGUW7hV+bR1OVtqKsxV8WFjOdoxbKXMIyX+th6pCtOAXGylfhVRZWyyC3UM4XXWSweS/PddR94 /Xoeme7GdeeHNG+IGSngBYPKhGJVmbOsmJ6bYg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to i.root-servers.net for gov/DS
	Received 367 bytes from 192.36.148.17
	;; Response received from [192.36.148.17] 367 octets ;; HEADER SECTION ;; id = 49077 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260531050000 20260518040000 54393 . DFXN/6vJ9KWXjAil9IXn+Bqyq2L9NwgTwCV5f5KA7hsXcNe530vdj3jsdrQ7dJ03J4HV2PvOdrQO NVxyQ/OgdLnqsFTOCz9i+QRPGcAGGjKYc8H1EqDzIn7iVVcgLeq82YhGHBKXtceBEDQklqkyMHr0 cusJW8k8OBluZjtz6gLBHODkKZKIlArsFTrYxvPqfOaDCmVx1SDKaWca7pGyb1jPVB820bSW9Uxr 2iFGUW7hV+bR1OVtqKsxV8WFjOdoxbKXMIyX+th6pCtOAXGylfhVRZWyyC3UM4XXWSweS/PddR94 /Xoeme7GdeeHNG+IGSngBYPKhGJVmbOsmJ6bYg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20260531050000 20260518040000 54393 . DFXN/6vJ9KWXjAil9IXn+Bqyq2L9NwgTwCV5f5KA7hsXcNe530vdj3jsdrQ7dJ03J4HV2PvOdrQO NVxyQ/OgdLnqsFTOCz9i+QRPGcAGGjKYc8H1EqDzIn7iVVcgLeq82YhGHBKXtceBEDQklqkyMHr0 cusJW8k8OBluZjtz6gLBHODkKZKIlArsFTrYxvPqfOaDCmVx1SDKaWca7pGyb1jPVB820bSW9Uxr 2iFGUW7hV+bR1OVtqKsxV8WFjOdoxbKXMIyX+th6pCtOAXGylfhVRZWyyC3UM4XXWSweS/PddR94 /Xoeme7GdeeHNG+IGSngBYPKhGJVmbOsmJ6bYg== )`
	RRSIG=54393 and DNSKEY=54393 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 15710 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260629110631 20260429110631 2536 gov. Qgg1Es4+aI25z77ca9+WmIAaFsRI1wiscuQzcuuAK15yizXJ6wuX65HcUGGl9pFfsu4GhrEbjll6 Nm0OGkUh0A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260629110631 20260429110631 2536 gov. Qgg1Es4+aI25z77ca9+WmIAaFsRI1wiscuQzcuuAK15yizXJ6wuX65HcUGGl9pFfsu4GhrEbjll6 Nm0OGkUh0A== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to c.ns.gov for capitolgiftshop.gov/A
	Received 414 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 414 octets ;; HEADER SECTION ;; id = 28427 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 3 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 10800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 10800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 10800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 10800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20260519141353 20260517121353 35496 gov. U3lQPXDl5yykKJHEebVnIjQ7L+tA9AW5yJj18Px/z1n3Lt6t4DqAU4bTxNhgtV8zkcThL2W8dAq0 d7EmNF/4cw== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 ;; { "EDNS-VERSION": 0 }
	Query to c.ns.gov for capitolgiftshop.gov/DNSKEY
	Received 414 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 414 octets ;; HEADER SECTION ;; id = 18936 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 3 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 10800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 10800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 10800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 10800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20260519141353 20260517121353 35496 gov. INDXY6VTjlXrL1BLTrl1Nc31Ory9Idos2NdKktWd8w93MMIxPrS03tNi51yiMgnx5t1Y6ak8+PP5 cKGuvq58pQ== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 ;; { "EDNS-VERSION": 0 }
	Found child zone capitolgiftshop.gov

capitolgiftshop.gov

	Checking DS between gov and capitolgiftshop.gov
	Query to a.ns.gov for capitolgiftshop.gov/DS
	Received 231 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 231 octets ;; HEADER SECTION ;; id = 62785 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DS ;; ANSWER SECTION (3 records) capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20260519141353 20260517121353 35496 gov. CTXrGI6wOAzvQEY39Q8o6HTKcOM8ecvA0mS+ZHoW8UTBJGScMZ/4KcN6KnVXvUuBNa5IPT4yUip+ MhaGwj1q5w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DS records for capitolgiftshop.gov in the gov zone
	DS=62962/SHA-1 uses a deprecated digest algorithm
	DS=62962/SHA-1 has algorithm RSASHA256
	DS=62962/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20260519141353 20260517121353 35496 gov. CTXrGI6wOAzvQEY39Q8o6HTKcOM8ecvA0mS+ZHoW8UTBJGScMZ/4KcN6KnVXvUuBNa5IPT4yUip+ MhaGwj1q5w== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=62962/SHA-1 is now in the chain-of-trust
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 )`
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c )`
	Query to authns1.centurylink.net for capitolgiftshop.gov/DNSKEY
	authns1.centurylink.net returns REFUSED for capitolgiftshop.gov/DNSKEY
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/DNSKEY
	Received 1254 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 1254 octets ;; HEADER SECTION ;; id = 49392 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 6 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (6 records) capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAbrzjPrrtqC60HwV/wfBl0y2Xyz1QSV1w1jFA9scNMYZu664vmjkREuWo4tLoMrqSqNPBbWR cxpj29yyaLEzOSWq0SIb18tLo5TUtTCR4Koss7KuLUzEnDUJc+R2l0vfsZTm2KQgzbjj2nvbKdi0 pa20CgHhAsml5RKYZlOlsuSH ) ; keytag 55663 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAb2Hl0C0FT9aK9ManBHtyKL3RAlO0b5XzVuZZ3JnVU2utCNZX+PC5OKjqrSrQ8xSJLIqv1Ya IM4BxVAWfrPwM8M4OdPTCDwY6nvab4UGh5eDTENGPK//EaWQRz3iQn/xfH4ym2MUCzjEDV+l6CzQ u8UR9feEG3xYruLu5B+IcQ9x ) ; keytag 57286 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAd+vPGf9ovHfX06cFIKR/iV+aOk84Ou+jy3+bHLgW2qOY43iOYMU9JmmutnoaWO7xVlrZxtw ZCuDizqRsY/Qtf4dOUxnczt6/DfdC3jkEowusvFyqZ0VYIYMSw1Gs7qLuLbbvPz/GNZB65ZSQe70 QmZdoBIjWGMirP/TKDkcrYOj ) ; keytag 37096 capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAbmjK/kvxNBVsHQLEjtOmSJNrcPfI+VtKifuSJegoTBfW2bYXkD2IP7aw6J1wE4c51GIaFUq DPKL/xMsKQB5mCPmb6rh+zt/9lKJtBsWASWqLP0gRpmovvRK8oXat2RGAMYRVoWlaCezP1ZvE3W2 Jrl7QyZ7zgOqq2Ct5UBTf0U3xNiqHBLvQmGw/cxDUo+2MXZNN+VpcaHsg0p7YMVqfQCaQQ+tk76h NiGmSlgxmN9Grcb6pCCxjtjwy53GTy6CBd3eQqVZ6ZR81OPVNeC709lVfIQ6l3bHe7lWYMluD5BV u4QPCbePa+rS45e7596WOmxa602xEv4KwCPW1hdQ/pM= ) ; keytag 32116 capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20260522073751 20260518073709 32116 capitolgiftshop.gov. PpUBSEIIlLXyLdMPE6cjrZ9Ys9E2BLns7N+wz6am1QWmv0nNfEKjwdQ+NYq0cJEtAlZalMnOmYK+ 9MCHPjc88Bg8eJMVKF64eeOBhA17fOOgo74YWUBHIOpkf8S+pO50SfNTjsG4gx63dZeNNMk1aAht HgLkCrLh1+O5I/2GFME1umZH8wweXc/XJlgrou6Arwtzvq49cP5dPftyXQmQCTeSMsr1vtyumLBB 2+mtu5s7op/QH+Kq+EzIxMgnhhWyRxf4BBhIQRv6z7C5qdRMce8/nfI4lg19PZIZ3pOD20RNTCyU 3geR5+I8jwzVg0RcXuWjaP7yghASfYxX02E0jg== ) capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20260522073751 20260518073709 57286 capitolgiftshop.gov. V+8v/xkf0AhZD9HPrL/jPmJjmDOXh1uGfzzdOUkaR1NdDwI1YfVOR1TGMBF9zpA5wg9CsiFzbPS5 pJL+XXPJ71w6bV3FI/TsYYxENmshB+hO0T/uLusyN6BbaKnE58m/NRLl0pXtQ1c2zqYMRsvt4SYC JyNPcE4UYTBVlAIt/sY= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for capitolgiftshop.gov
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAbrzjPrrtqC60HwV/wfBl0y2Xyz1QSV1w1jFA9scNMYZu664vmjkREuWo4tLoMrqSqNPBbWR cxpj29yyaLEzOSWq0SIb18tLo5TUtTCR4Koss7KuLUzEnDUJc+R2l0vfsZTm2KQgzbjj2nvbKdi0 pa20CgHhAsml5RKYZlOlsuSH ) ; keytag 55663`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAb2Hl0C0FT9aK9ManBHtyKL3RAlO0b5XzVuZZ3JnVU2utCNZX+PC5OKjqrSrQ8xSJLIqv1Ya IM4BxVAWfrPwM8M4OdPTCDwY6nvab4UGh5eDTENGPK//EaWQRz3iQn/xfH4ym2MUCzjEDV+l6CzQ u8UR9feEG3xYruLu5B+IcQ9x ) ; keytag 57286`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAd+vPGf9ovHfX06cFIKR/iV+aOk84Ou+jy3+bHLgW2qOY43iOYMU9JmmutnoaWO7xVlrZxtw ZCuDizqRsY/Qtf4dOUxnczt6/DfdC3jkEowusvFyqZ0VYIYMSw1Gs7qLuLbbvPz/GNZB65ZSQe70 QmZdoBIjWGMirP/TKDkcrYOj ) ; keytag 37096`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAbmjK/kvxNBVsHQLEjtOmSJNrcPfI+VtKifuSJegoTBfW2bYXkD2IP7aw6J1wE4c51GIaFUq DPKL/xMsKQB5mCPmb6rh+zt/9lKJtBsWASWqLP0gRpmovvRK8oXat2RGAMYRVoWlaCezP1ZvE3W2 Jrl7QyZ7zgOqq2Ct5UBTf0U3xNiqHBLvQmGw/cxDUo+2MXZNN+VpcaHsg0p7YMVqfQCaQQ+tk76h NiGmSlgxmN9Grcb6pCCxjtjwy53GTy6CBd3eQqVZ6ZR81OPVNeC709lVfIQ6l3bHe7lWYMluD5BV u4QPCbePa+rS45e7596WOmxa602xEv4KwCPW1hdQ/pM= ) ; keytag 32116`
	DS=62962/SHA-1 is published, but a corresponding DNSKEY is not
	None of the 4 DNSKEY records could be validated by any of the 2 DS records
	Found 2 RRSIGs over DNSKEY RRset
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20260522073751 20260518073709 32116 capitolgiftshop.gov. PpUBSEIIlLXyLdMPE6cjrZ9Ys9E2BLns7N+wz6am1QWmv0nNfEKjwdQ+NYq0cJEtAlZalMnOmYK+ 9MCHPjc88Bg8eJMVKF64eeOBhA17fOOgo74YWUBHIOpkf8S+pO50SfNTjsG4gx63dZeNNMk1aAht HgLkCrLh1+O5I/2GFME1umZH8wweXc/XJlgrou6Arwtzvq49cP5dPftyXQmQCTeSMsr1vtyumLBB 2+mtu5s7op/QH+Kq+EzIxMgnhhWyRxf4BBhIQRv6z7C5qdRMce8/nfI4lg19PZIZ3pOD20RNTCyU 3geR5+I8jwzVg0RcXuWjaP7yghASfYxX02E0jg== )`
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20260522073751 20260518073709 57286 capitolgiftshop.gov. V+8v/xkf0AhZD9HPrL/jPmJjmDOXh1uGfzzdOUkaR1NdDwI1YfVOR1TGMBF9zpA5wg9CsiFzbPS5 pJL+XXPJ71w6bV3FI/TsYYxENmshB+hO0T/uLusyN6BbaKnE58m/NRLl0pXtQ1c2zqYMRsvt4SYC JyNPcE4UYTBVlAIt/sY= )`
	RRSIG=32116 and DNSKEY=32116/SEP verifies the DNSKEY RRset
	RRSIG=57286 and DNSKEY=57286 verifies the DNSKEY RRset
	The DNSKEY RRset was not signed by any trusted keys
	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.100.14
	;; Response received from [161.197.100.14] 506 octets ;; HEADER SECTION ;; id = 56867 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3537 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns2.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns1.aoc.gov for capitolgiftshop.gov/SOA
	Received 285 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 285 octets ;; HEADER SECTION ;; id = 47285 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3537 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/SOA
	Received 282 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 282 octets ;; HEADER SECTION ;; id = 38057 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3537 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to authns2.centurylink.net for capitolgiftshop.gov/SOA
	authns2.centurylink.net returns REFUSED for capitolgiftshop.gov/SOA
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/SOA
	Received 282 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 282 octets ;; HEADER SECTION ;; id = 62372 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3537 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= )`
	RRSIG=57286 and DNSKEY=57286 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= )`
	RRSIG=57286 and DNSKEY=57286 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 503 octets ;; HEADER SECTION ;; id = 28485 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3537 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns2.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= )`
	RRSIG=57286 and DNSKEY=57286 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= )`
	RRSIG=57286 and DNSKEY=57286 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 506 octets ;; HEADER SECTION ;; id = 25461 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3537 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns1.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= )`
	RRSIG=57286 and DNSKEY=57286 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= )`
	RRSIG=57286 and DNSKEY=57286 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 503 octets ;; HEADER SECTION ;; id = 46684 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 3537 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns3.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20260522073751 20260518073709 57286 capitolgiftshop.gov. Wt5fbWy7NwxajwjyLH7BKVCRTo5QGbibn4OKgM4hsMIS3m9ORVUbxid52ovlBV2JAU3Bys4vyB2g DWjbDc2huh1mgdfLlGv9UtsUOPtP1Z1UnzVmWzTTgPqCXagaRZAW7Z0zVRVIYvrYhwmJvcjRpdve SsxR2BuTCjuh/bmETVc= )`
	RRSIG=57286 and DNSKEY=57286 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20260522083709 20260518073709 57286 capitolgiftshop.gov. hapxix9CHTcO2us7zTg0lOD45bwHPcFF3Q/yhPsYCeg1ht/kDruPaxYGxVhW2Uih09gyirD/niOg AnWZ8T9ERguHCmhr0LD77OVGfr4aXbG6C346uqpdy4S8G0bMVoAVNfxtTy7A51dYsvnrjyg6aysv 2hIgzYJqQZCII1m0C1w= )`
	RRSIG=57286 and DNSKEY=57286 verifies the SOA RRset

capitolgiftshop.gov

No response from capitolgiftshop.gov nameservers

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test capitolgiftshop.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: