DNSSEC Debugger - capitolgiftshop.gov

Domain Name:

Time: 2024-07-27 08:41:20 UTC

Analyzing DNSSEC problems for capitolgiftshop.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to e.root-servers.net for ./DNSKEY
	Received 864 bytes from 192.203.230.10
	;; Response received from [192.203.230.10] 864 octets ;; HEADER SECTION ;; id = 7354 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAdSiy6sslYrcZSGcuMEK4DtE8DZZY1A08kAsviAD49tocYO5m37AvIOyzeiKBWuPuJ4m9u5H onCM/ntxklZKYFyMftv8XoRwbiXdpSjfdpNHiMYTTV2oDUNMjdLFnF6HYSY48xrPbevQOYbAFGHp xqcXAQT0+BaBiAx3Ls6lXBQ3/hSVOprvDWJCQiI2OT+9+saKLddSIX6DwTVy0S5T4YY4EGg5R3c/ eKUb2/8XgKWUzlOIZsVAZZUSTKW0tX54ccAALO7Grvsx/NW62jc1xv6wWAXocOEVgB7+4Lzb7q9p 5o30+sYoGpOsKgFvMSy4oCZTQMQx2Sjd/NG2bMMw6nM= ) ; Key ID = 20038 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20240811000000 20240721000000 20326 . oHsHLvNMC6b1tY+OF7BG9etZbZMixRQiBD6gzpzdD32m4l0Vdh6yO0vA6ECQ3PMHihplvZGlYgZc aow5WFWod7FGAufSncGrrX+55sXKn4I/cZhBfPYh3WCCI+H7Ug29tV81VkeHSJgVd3q5LfUVYkun Czoysi01iU48KefmKZAGqzPINkOwRJT76+lyrOzSVQWvYStWsR5EGSvPQ1/tJQXOIzaEzuDDFp50 2fCJqX9CK9LcjCeleXpeDfdH+7Kk1TqRMrRHt3ehRsqh4yuR5buq+p+lCsHht28vdgjADBehrqmb hv6MGoBE3QK+rW5xuHqlu3jRV15JBY3/NnDSyQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAdSiy6sslYrcZSGcuMEK4DtE8DZZY1A08kAsviAD49tocYO5m37AvIOyzeiKBWuPuJ4m9u5H onCM/ntxklZKYFyMftv8XoRwbiXdpSjfdpNHiMYTTV2oDUNMjdLFnF6HYSY48xrPbevQOYbAFGHp xqcXAQT0+BaBiAx3Ls6lXBQ3/hSVOprvDWJCQiI2OT+9+saKLddSIX6DwTVy0S5T4YY4EGg5R3c/ eKUb2/8XgKWUzlOIZsVAZZUSTKW0tX54ccAALO7Grvsx/NW62jc1xv6wWAXocOEVgB7+4Lzb7q9p 5o30+sYoGpOsKgFvMSy4oCZTQMQx2Sjd/NG2bMMw6nM= ) ; Key ID = 20038`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20240811000000 20240721000000 20326 . oHsHLvNMC6b1tY+OF7BG9etZbZMixRQiBD6gzpzdD32m4l0Vdh6yO0vA6ECQ3PMHihplvZGlYgZc aow5WFWod7FGAufSncGrrX+55sXKn4I/cZhBfPYh3WCCI+H7Ug29tV81VkeHSJgVd3q5LfUVYkun Czoysi01iU48KefmKZAGqzPINkOwRJT76+lyrOzSVQWvYStWsR5EGSvPQ1/tJQXOIzaEzuDDFp50 2fCJqX9CK9LcjCeleXpeDfdH+7Kk1TqRMrRHt3ehRsqh4yuR5buq+p+lCsHht28vdgjADBehrqmb hv6MGoBE3QK+rW5xuHqlu3jRV15JBY3/NnDSyQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=20038 is now in the chain-of-trust
	Query to e.root-servers.net for capitolgiftshop.gov/A
	Received 626 bytes from 192.203.230.10
	;; Response received from [192.203.230.10] 626 octets ;; HEADER SECTION ;; id = 39684 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20240809050000 20240727040000 20038 . AUJBLpsUhWKjE6dvMcdfbNONvje+uhwNLO9U8w0BFf/JStvB2H0cug3378rsp9TixmL2Pl6iTnxd lIfGy7ce2UkJPmpABWGQvbaWBcMX8soIXD030Mcbhv+h41nzZxVt9/WdlTodaIporR4FVILyk+oE RwKwb9OCynYtshegCeic9ZY7wQvFCu9loycFBl8e3GXXzYE3MSNK9n5+PKNfF+MDRU1y8c9p9zOI dDogCAmpnHkIMy3LIr7EAWv0wQTYXji7Voiune7KF9bI/ziD+mGiX1h0B3+ubkK9XkKiMFVc+LX9 hn8F07K6wY1AhiYRgcg3u7mxEAZnJ36jApTVtQ== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to b.root-servers.net for gov/DNSKEY
	Received 610 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 610 octets ;; HEADER SECTION ;; id = 38517 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20240809050000 20240727040000 20038 . AUJBLpsUhWKjE6dvMcdfbNONvje+uhwNLO9U8w0BFf/JStvB2H0cug3378rsp9TixmL2Pl6iTnxd lIfGy7ce2UkJPmpABWGQvbaWBcMX8soIXD030Mcbhv+h41nzZxVt9/WdlTodaIporR4FVILyk+oE RwKwb9OCynYtshegCeic9ZY7wQvFCu9loycFBl8e3GXXzYE3MSNK9n5+PKNfF+MDRU1y8c9p9zOI dDogCAmpnHkIMy3LIr7EAWv0wQTYXji7Voiune7KF9bI/ziD+mGiX1h0B3+ubkK9XkKiMFVc+LX9 hn8F07K6wY1AhiYRgcg3u7mxEAZnJ36jApTVtQ== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to e.root-servers.net for gov/DS
	Received 367 bytes from 192.203.230.10
	;; Response received from [192.203.230.10] 367 octets ;; HEADER SECTION ;; id = 15625 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20240809050000 20240727040000 20038 . AUJBLpsUhWKjE6dvMcdfbNONvje+uhwNLO9U8w0BFf/JStvB2H0cug3378rsp9TixmL2Pl6iTnxd lIfGy7ce2UkJPmpABWGQvbaWBcMX8soIXD030Mcbhv+h41nzZxVt9/WdlTodaIporR4FVILyk+oE RwKwb9OCynYtshegCeic9ZY7wQvFCu9loycFBl8e3GXXzYE3MSNK9n5+PKNfF+MDRU1y8c9p9zOI dDogCAmpnHkIMy3LIr7EAWv0wQTYXji7Voiune7KF9bI/ziD+mGiX1h0B3+ubkK9XkKiMFVc+LX9 hn8F07K6wY1AhiYRgcg3u7mxEAZnJ36jApTVtQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20240809050000 20240727040000 20038 . AUJBLpsUhWKjE6dvMcdfbNONvje+uhwNLO9U8w0BFf/JStvB2H0cug3378rsp9TixmL2Pl6iTnxd lIfGy7ce2UkJPmpABWGQvbaWBcMX8soIXD030Mcbhv+h41nzZxVt9/WdlTodaIporR4FVILyk+oE RwKwb9OCynYtshegCeic9ZY7wQvFCu9loycFBl8e3GXXzYE3MSNK9n5+PKNfF+MDRU1y8c9p9zOI dDogCAmpnHkIMy3LIr7EAWv0wQTYXji7Voiune7KF9bI/ziD+mGiX1h0B3+ubkK9XkKiMFVc+LX9 hn8F07K6wY1AhiYRgcg3u7mxEAZnJ36jApTVtQ== )`
	RRSIG=20038 and DNSKEY=20038 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 11304 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; Key ID = 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; Key ID = 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20240919110526 20240720110526 2536 gov. HdS8shIfEbsTrkW5QWcemVuIGkuI/xGvzvDYxBTf/LuRRNzN5FvUA1PbOTLXYLEfPZkeLTC07umN zFbL4Pqx9w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; Key ID = 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; Key ID = 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20240919110526 20240720110526 2536 gov. HdS8shIfEbsTrkW5QWcemVuIGkuI/xGvzvDYxBTf/LuRRNzN5FvUA1PbOTLXYLEfPZkeLTC07umN zFbL4Pqx9w== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to a.ns.gov for capitolgiftshop.gov/A
	Received 414 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 414 octets ;; HEADER SECTION ;; id = 27381 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 9 arcount = 3 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 10800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 10800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 10800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 10800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20240728094120 20240726074120 35496 gov. xjp8CdYvilCwKL0iaWr9qhiDhktkWyCVvBLomjx/FKIwtmzCQMoLe6d7pbdBmVmrXi9YGEV6vak8 DMqsB++RTw== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 ;; { "EDNS-VERSION": 0 }
	Query to c.ns.gov for capitolgiftshop.gov/DNSKEY
	Received 414 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 414 octets ;; HEADER SECTION ;; id = 6122 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 9 arcount = 3 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 10800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 10800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 10800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 10800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 10800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20240728094120 20240726074120 35496 gov. HFpFWPnM1tpSgnr/20OzN7AzGsxvqXlrFF5hag9I+5679rS74bZMNAYt92kcmbz0C6EgAUxB0HLR WSjZzXAzlQ== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 ;; { "EDNS-VERSION": 0 }
	Found child zone capitolgiftshop.gov

capitolgiftshop.gov

	Checking DS between gov and capitolgiftshop.gov
	Query to a.ns.gov for capitolgiftshop.gov/DS
	Received 231 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 231 octets ;; HEADER SECTION ;; id = 54079 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DS ;; ANSWER SECTION (3 records) capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20240728094120 20240726074120 35496 gov. QhMQJddlhaxb0/m8lfHdNH53OHVzxseXGIe+/zV2xUmjwuSCny8CbdX37jdTXZ7ctPKBRvBKBg20 vpkajYgn0Q== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DS records for capitolgiftshop.gov in the gov zone
	DS=62962/SHA-1 uses a deprecated digest algorithm
	DS=62962/SHA-1 has algorithm RSASHA256
	DS=62962/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`capitolgiftshop.gov. 3600 IN RRSIG ( DS 13 2 3600 20240728094120 20240726074120 35496 gov. QhMQJddlhaxb0/m8lfHdNH53OHVzxseXGIe+/zV2xUmjwuSCny8CbdX37jdTXZ7ctPKBRvBKBg20 vpkajYgn0Q== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=62962/SHA-1 is now in the chain-of-trust
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 )`
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c )`
	Query to ns1.aoc.gov for capitolgiftshop.gov/DNSKEY
	Received 1837 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 1837 octets ;; HEADER SECTION ;; id = 11821 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 8 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (8 records) capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAcF52/mTYgnyruoxEepJvKNFT48gPzfxtGraWvmpJzhCse0kv2/5bcYKO0qWjtlG9UxQoB7t xPCW/AKk+gG8id6RP68IPt+/IV7peahYMGgKwsRtgIE8ze3B0TDH4ZvGczWh7ytmDvIMAOSal2/J eqAtTpPMtGHShn+1dgOOFUWF ) ; Key ID = 20760 capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAbmjK/kvxNBVsHQLEjtOmSJNrcPfI+VtKifuSJegoTBfW2bYXkD2IP7aw6J1wE4c51GIaFUq DPKL/xMsKQB5mCPmb6rh+zt/9lKJtBsWASWqLP0gRpmovvRK8oXat2RGAMYRVoWlaCezP1ZvE3W2 Jrl7QyZ7zgOqq2Ct5UBTf0U3xNiqHBLvQmGw/cxDUo+2MXZNN+VpcaHsg0p7YMVqfQCaQQ+tk76h NiGmSlgxmN9Grcb6pCCxjtjwy53GTy6CBd3eQqVZ6ZR81OPVNeC709lVfIQ6l3bHe7lWYMluD5BV u4QPCbePa+rS45e7596WOmxa602xEv4KwCPW1hdQ/pM= ) ; Key ID = 32116 capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAaq8ixuzePVVo/LR/7Z6gXRIu9XJ5j7ER6PSXR7E/SirFIsMsVRkGIvp1eDZuCiz1AeoFgP+ 4zE3vTTDIdJXjq/TDM98f5hrbWx98SOI32zjSt5RohxU8P4cFUCDxmRM/8yiJcokQMeSSoXqwfSL XvHTrxE7/4m7aUab/2pseIYxQKkps2f2/zDRA51RP9FQWrWVNl5nr9EK1VHqbXoWagRgv7RTAeXs MvFzWPD2BAL2jpqzScmE2h7iiICg5ZBEMfCBQttob8aGAOpf7tbxuvp5P+MbDu7Uf7rBo/k1TMgf a6KrMXDemH3nyU86CCSLsMVMxhYyp4dTg4GSGaVtTmE= ) ; Key ID = 62962 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAaMzr7R8H3eoDuq44SMEx0HozgxwwH+0HZMzvhSrd37cagobMKdtyDPFLr9uqZ+G2C3iF3of EgjtcTxIovuyhiSPY34HRsrnesYkkVpqqrot3saXaPx5+Cotkg6LKjZhd8mX05NCzjie4SNy0IDi KFnGVVocWUqL9tlxSu3ezAId ) ; Key ID = 17331 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAa6I526wG03KG+RWAExdJanj/rxeHVsG+gghCyQUqrOi3ueLt0ou06iDcPUAIdrkIGSEbHaS Oj58ebrPcpJFUPuVuPthzEd7cZ6UAyZi3JI1/ZQgo/LIEkc5KeRqDyisQ+YJJTt/tVI8mZpsFKS3 9vYaecP+f8JzfZTI9x09U8eF ) ; Key ID = 16654 capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20240730181557 20240726181106 16654 capitolgiftshop.gov. Mt+LNhuXqHhD+LQNU8laJz6h/KfzB+I2/Z6h6XUxyo+4jl54n6AFm66U/VDp78Gm+7g6xaVZeJG/ oCmhUwVGpIOWPTt590BJS7zwF8IHF+JuOU82OENWJX3ho4lB+9SQWPj33Q9ndhH3pTtMNjBX69PA yCdapQP/XAGs9FaiqPo= ) capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20240730181557 20240726181106 32116 capitolgiftshop.gov. hgUduLDEVCC2l6DgD7U3vWfWiEmKV5MNA1ZLEPEm9QybEMIA2oWbp3MPCrNmyFGAiR/qptdehnyW V6/r/FeL2eohlNPsyBFMYysEEsF8oUHtS6/Y/VZKrrX4jqIAHvr9rqyO7/v57o958SE5XO73c5CM l5XEcBkTa7AZUsf/ulcSwCcoaJd1jaD11GlF3XiIMIwRSL53ONBYD0pcTv+LUgQCcLH2ZwyPx/Lb E3LE1ewLgYgO+OMIRnDDHh3qEX/2kWkcxSHkpXsDjXMYBysoh7uY7sq5eCW4ap8UeIyWMqxWRBD2 UKqCnBBzh8MwSVSupEGEmXoKGkJDTDPiCt0CZg== ) capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20240730181557 20240726181106 62962 capitolgiftshop.gov. DPRZJNP+3HzyNUPxRXyYzTVLL+OmXNuyyvtZdyJcUdNHu8eDenyfyQG0ybPDBNeYCDLjEMnOCVuu jxkxUPsUpt4nL8K7L5cK9xcxNiI05rrcx/2OXzd5/jQ/CJ4drFIODcGUmIdhPaILTaq2dcMEX4mf ylmvtUbPLCs8aInhEn3FsnWJgtYf1BfcIgjz0z73bi2+gs88sATgiH4JHe+INhC876CSMN95/Uq6 LdKwhA7qkdGJ8hTI3le7w9cF7vtaxTp+S6egDFNDnh6kHF4rQZ3bLTiys6jZyXvNSXK5ndytoiW+ JUIq0drKn1ICrFO4o3rU1sdeVRCuWuCBuUm/OA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 5 DNSKEY records for capitolgiftshop.gov
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAcF52/mTYgnyruoxEepJvKNFT48gPzfxtGraWvmpJzhCse0kv2/5bcYKO0qWjtlG9UxQoB7t xPCW/AKk+gG8id6RP68IPt+/IV7peahYMGgKwsRtgIE8ze3B0TDH4ZvGczWh7ytmDvIMAOSal2/J eqAtTpPMtGHShn+1dgOOFUWF ) ; Key ID = 20760`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAbmjK/kvxNBVsHQLEjtOmSJNrcPfI+VtKifuSJegoTBfW2bYXkD2IP7aw6J1wE4c51GIaFUq DPKL/xMsKQB5mCPmb6rh+zt/9lKJtBsWASWqLP0gRpmovvRK8oXat2RGAMYRVoWlaCezP1ZvE3W2 Jrl7QyZ7zgOqq2Ct5UBTf0U3xNiqHBLvQmGw/cxDUo+2MXZNN+VpcaHsg0p7YMVqfQCaQQ+tk76h NiGmSlgxmN9Grcb6pCCxjtjwy53GTy6CBd3eQqVZ6ZR81OPVNeC709lVfIQ6l3bHe7lWYMluD5BV u4QPCbePa+rS45e7596WOmxa602xEv4KwCPW1hdQ/pM= ) ; Key ID = 32116`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAaq8ixuzePVVo/LR/7Z6gXRIu9XJ5j7ER6PSXR7E/SirFIsMsVRkGIvp1eDZuCiz1AeoFgP+ 4zE3vTTDIdJXjq/TDM98f5hrbWx98SOI32zjSt5RohxU8P4cFUCDxmRM/8yiJcokQMeSSoXqwfSL XvHTrxE7/4m7aUab/2pseIYxQKkps2f2/zDRA51RP9FQWrWVNl5nr9EK1VHqbXoWagRgv7RTAeXs MvFzWPD2BAL2jpqzScmE2h7iiICg5ZBEMfCBQttob8aGAOpf7tbxuvp5P+MbDu7Uf7rBo/k1TMgf a6KrMXDemH3nyU86CCSLsMVMxhYyp4dTg4GSGaVtTmE= ) ; Key ID = 62962`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAaMzr7R8H3eoDuq44SMEx0HozgxwwH+0HZMzvhSrd37cagobMKdtyDPFLr9uqZ+G2C3iF3of EgjtcTxIovuyhiSPY34HRsrnesYkkVpqqrot3saXaPx5+Cotkg6LKjZhd8mX05NCzjie4SNy0IDi KFnGVVocWUqL9tlxSu3ezAId ) ; Key ID = 17331`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAa6I526wG03KG+RWAExdJanj/rxeHVsG+gghCyQUqrOi3ueLt0ou06iDcPUAIdrkIGSEbHaS Oj58ebrPcpJFUPuVuPthzEd7cZ6UAyZi3JI1/ZQgo/LIEkc5KeRqDyisQ+YJJTt/tVI8mZpsFKS3 9vYaecP+f8JzfZTI9x09U8eF ) ; Key ID = 16654`
	DNSKEY=62962/SEP is now in the chain-of-trust
	DS=62962/SHA-1 verifies DNSKEY=62962/SEP
	DS=62962/SHA-256 verifies DNSKEY=62962/SEP
	Found 3 RRSIGs over DNSKEY RRset
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20240730181557 20240726181106 16654 capitolgiftshop.gov. Mt+LNhuXqHhD+LQNU8laJz6h/KfzB+I2/Z6h6XUxyo+4jl54n6AFm66U/VDp78Gm+7g6xaVZeJG/ oCmhUwVGpIOWPTt590BJS7zwF8IHF+JuOU82OENWJX3ho4lB+9SQWPj33Q9ndhH3pTtMNjBX69PA yCdapQP/XAGs9FaiqPo= )`
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20240730181557 20240726181106 32116 capitolgiftshop.gov. hgUduLDEVCC2l6DgD7U3vWfWiEmKV5MNA1ZLEPEm9QybEMIA2oWbp3MPCrNmyFGAiR/qptdehnyW V6/r/FeL2eohlNPsyBFMYysEEsF8oUHtS6/Y/VZKrrX4jqIAHvr9rqyO7/v57o958SE5XO73c5CM l5XEcBkTa7AZUsf/ulcSwCcoaJd1jaD11GlF3XiIMIwRSL53ONBYD0pcTv+LUgQCcLH2ZwyPx/Lb E3LE1ewLgYgO+OMIRnDDHh3qEX/2kWkcxSHkpXsDjXMYBysoh7uY7sq5eCW4ap8UeIyWMqxWRBD2 UKqCnBBzh8MwSVSupEGEmXoKGkJDTDPiCt0CZg== )`
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20240730181557 20240726181106 62962 capitolgiftshop.gov. DPRZJNP+3HzyNUPxRXyYzTVLL+OmXNuyyvtZdyJcUdNHu8eDenyfyQG0ybPDBNeYCDLjEMnOCVuu jxkxUPsUpt4nL8K7L5cK9xcxNiI05rrcx/2OXzd5/jQ/CJ4drFIODcGUmIdhPaILTaq2dcMEX4mf ylmvtUbPLCs8aInhEn3FsnWJgtYf1BfcIgjz0z73bi2+gs88sATgiH4JHe+INhC876CSMN95/Uq6 LdKwhA7qkdGJ8hTI3le7w9cF7vtaxTp+S6egDFNDnh6kHF4rQZ3bLTiys6jZyXvNSXK5ndytoiW+ JUIq0drKn1ICrFO4o3rU1sdeVRCuWuCBuUm/OA== )`
	RRSIG=16654 and DNSKEY=16654 verifies the DNSKEY RRset
	RRSIG=32116 and DNSKEY=32116/SEP verifies the DNSKEY RRset
	RRSIG=62962 and DNSKEY=62962/SEP verifies the DNSKEY RRset
	DNSKEY=20760 is now in the chain-of-trust
	DNSKEY=32116/SEP is now in the chain-of-trust
	DNSKEY=17331 is now in the chain-of-trust
	DNSKEY=16654 is now in the chain-of-trust
	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.100.14
	;; Response received from [161.197.100.14] 506 octets ;; HEADER SECTION ;; id = 38417 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns2.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/SOA
	Received 282 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 282 octets ;; HEADER SECTION ;; id = 50247 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to authns1.centurylink.net for capitolgiftshop.gov/SOA
	Received 1058 bytes from 63.150.72.4
	;; Response received from [63.150.72.4] 1058 octets ;; HEADER SECTION ;; id = 27835 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 7 arcount = 9 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) ;; AUTHORITY SECTION (7 records) capitolgiftshop.gov. 28800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 28800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 28800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 28800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 28800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 28800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 28800 IN RRSIG ( NS 8 2 28800 20240730181557 20240726181106 16654 capitolgiftshop.gov. ZTjg5vbtt76Xypgn923qJpLv+9DxDcIbNI3ZhRWt2jnk7IoJu9kjiJRhalev2f+QCHNxiDeJOKLn sNbDWiSpf8eiRvoIz8wMaek2QwkwGnkldhsJ35Um0ajnrKuOqyBSmJHpnSBX/PZlNFRDiRdrPihL iHY/gq3jNcc5AR8sorI= ) ;; ADDITIONAL SECTION (9 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 authns1.centurylink.net. 600 IN A 63.150.72.4 authns2.centurylink.net. 600 IN A 208.44.130.120 authns1.centurylink.net. 300 IN AAAA 2001:428::5 authns2.centurylink.net. 300 IN AAAA 2001:428::6 ns1.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20240731075945 20240727070259 40156 aoc.gov. CFK48XnQO+sm1P7Z1EMIZZDrUJPi+np54FpTNMCAIwec+0HGf47xelH7ZC6r0cjOcTInI9cS39S0 wdLuw0mDY0mWX8r0FAQYxSeViMUy4ZGxvbpag52TOJDR9BtQwTTHD/ySF6mGkUBgz+Ys4xGwo0UP IPk4Qf3CxVsSRHXWpg8= ) ns2.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20240731070015 20240727063033 40156 aoc.gov. ddNspG0cOkTzOpqOhMpDQEPuLFhrUDAgszMLU/04pC+ROsxAyXLGdiMYK1LRkRs5hvrFD77pcn3f CgTj5yd2ywoRoXD/GSzRms7KTLQN2AcnOunxV0WxO1VWB7FYDsvOyPRt1gZYep6Ivy8T7fqKEZxa PMq2OvuAOk8zrLXiiFA= ) ;; { "EDNS-VERSION": 0 }
	Query to authns2.centurylink.net for capitolgiftshop.gov/SOA
	Received 1058 bytes from 208.44.130.120
	;; Response received from [208.44.130.120] 1058 octets ;; HEADER SECTION ;; id = 4996 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 7 arcount = 9 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) ;; AUTHORITY SECTION (7 records) capitolgiftshop.gov. 28800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 28800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 28800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 28800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 28800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 28800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 28800 IN RRSIG ( NS 8 2 28800 20240730181557 20240726181106 16654 capitolgiftshop.gov. ZTjg5vbtt76Xypgn923qJpLv+9DxDcIbNI3ZhRWt2jnk7IoJu9kjiJRhalev2f+QCHNxiDeJOKLn sNbDWiSpf8eiRvoIz8wMaek2QwkwGnkldhsJ35Um0ajnrKuOqyBSmJHpnSBX/PZlNFRDiRdrPihL iHY/gq3jNcc5AR8sorI= ) ;; ADDITIONAL SECTION (9 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 authns1.centurylink.net. 600 IN A 63.150.72.4 authns2.centurylink.net. 600 IN A 208.44.130.120 authns1.centurylink.net. 300 IN AAAA 2001:428::5 authns2.centurylink.net. 300 IN AAAA 2001:428::6 ns1.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20240731075945 20240727070259 40156 aoc.gov. CFK48XnQO+sm1P7Z1EMIZZDrUJPi+np54FpTNMCAIwec+0HGf47xelH7ZC6r0cjOcTInI9cS39S0 wdLuw0mDY0mWX8r0FAQYxSeViMUy4ZGxvbpag52TOJDR9BtQwTTHD/ySF6mGkUBgz+Ys4xGwo0UP IPk4Qf3CxVsSRHXWpg8= ) ns2.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20240731070015 20240727063033 40156 aoc.gov. ddNspG0cOkTzOpqOhMpDQEPuLFhrUDAgszMLU/04pC+ROsxAyXLGdiMYK1LRkRs5hvrFD77pcn3f CgTj5yd2ywoRoXD/GSzRms7KTLQN2AcnOunxV0WxO1VWB7FYDsvOyPRt1gZYep6Ivy8T7fqKEZxa PMq2OvuAOk8zrLXiiFA= ) ;; { "EDNS-VERSION": 0 }
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/SOA
	Received 282 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 282 octets ;; HEADER SECTION ;; id = 38973 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to ns1.aoc.gov for capitolgiftshop.gov/SOA
	Received 285 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 285 octets ;; HEADER SECTION ;; id = 7564 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.100.14
	;; Response received from [161.197.100.14] 506 octets ;; HEADER SECTION ;; id = 6079 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= )`
	RRSIG=16654 and DNSKEY=16654 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= )`
	RRSIG=16654 and DNSKEY=16654 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 506 octets ;; HEADER SECTION ;; id = 41815 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns1.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.102.14
	;; Response received from [161.197.102.14] 506 octets ;; HEADER SECTION ;; id = 54743 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1220, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= )`
	RRSIG=16654 and DNSKEY=16654 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= )`
	RRSIG=16654 and DNSKEY=16654 verifies the SOA RRset

capitolgiftshop.gov

	Query to authns2.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 208.44.130.120
	;; Response received from [208.44.130.120] 503 octets ;; HEADER SECTION ;; id = 28954 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	authns2.centurylink.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to authns2.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 208.44.130.120
	;; Response received from [208.44.130.120] 503 octets ;; HEADER SECTION ;; id = 868 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= )`
	RRSIG=16654 and DNSKEY=16654 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= )`
	RRSIG=16654 and DNSKEY=16654 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 503 octets ;; HEADER SECTION ;; id = 36500 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns2.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.85.132
	;; Response received from [68.87.85.132] 503 octets ;; HEADER SECTION ;; id = 11111 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= )`
	RRSIG=16654 and DNSKEY=16654 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= )`
	RRSIG=16654 and DNSKEY=16654 verifies the SOA RRset

capitolgiftshop.gov

	Query to authns1.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 63.150.72.4
	;; Response received from [63.150.72.4] 503 octets ;; HEADER SECTION ;; id = 32615 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	authns1.centurylink.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to authns1.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 63.150.72.4
	;; Response received from [63.150.72.4] 503 octets ;; HEADER SECTION ;; id = 39089 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= )`
	RRSIG=16654 and DNSKEY=16654 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= )`
	RRSIG=16654 and DNSKEY=16654 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 503 octets ;; HEADER SECTION ;; id = 3411 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns3.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.76.228
	;; Response received from [68.87.76.228] 503 octets ;; HEADER SECTION ;; id = 50240 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 2503 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20240730181557 20240726181106 16654 capitolgiftshop.gov. LngBQ2z8An4tP6gIG7IO+bY7eRyWvxLoXd2+62BiqPHMsEraD2+nNAL5y0rBM2iaYRe9NAtEJqHl VQgG7er4B3pvti0L4+KEaG4UFbh+NrjQ0urANdXA93GMXitpI52qg0kYEJsTKEusxnPaKArTwOed WUhMHzcooV6zCL3wajw= )`
	RRSIG=16654 and DNSKEY=16654 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20240730191106 20240726181106 16654 capitolgiftshop.gov. PTUGI8Bib0kZFPX+NI3HlnXnT0BvwuCqXR9uA2rNyyE6UWhVM/gqsvNoF+nz+f5ivJjOyyNwSBy/ 8B00W8VrZnaweMmg7AAwCcNl+XB2BZIpUQlZ+ksd0UrbwqaADsTVoBgq4LysdIgFJ9Yqkzl/Que9 /jNJzq1f5348kIYn7nU= )`
	RRSIG=16654 and DNSKEY=16654 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test capitolgiftshop.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: