DNSSEC Analyzer - capitolgiftshop.gov

Domain Name:

Time: 2023-03-23 21:46:37 UTC, NTP stratum 4

Analyzing DNSSEC problems for capitolgiftshop.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to a.root-servers.net for ./DNSKEY
	Received 1139 bytes from 198.41.0.4
	;; Response received from 198.41.0.4 (1139 octets) ;; HEADER SECTION ;; id = 46194 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbF1LAxEQPtClEQno48k6u7JjCOfVfwdENOxQUrX0JbpN5DnKGMAKIfdiWa5oDeKQ3OoQ58y CC8vjtaaGFDgpJxoLwqzhBYHPGFgins5HIERcCQPGAJKWu/ku4XLh+Fu7UyBubDCelxKTbnj26Ew bochltRqGIE8hbwSXEzRNo4g+NXkaRMq2FFbaBtEE82yTmZUgFRYAFUvfGTPWblyZGtkepVuHyNb 0w/u24dpsz+uyCZZR04cHfRrWOKvqD3lDOwC4+sqd6f7F841R0N2tqSh/WDUZzWdvPBaBOz0FWFL b9porIeZ3Jm08tAMHa+3SGRXfK4RAmxVCmIQQypGabE= ) ; Key ID = 60955 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAcVnO2jZFx4756Rb/yAhJnsl72eemsObU43nclmXwqdJlp+kC5WQjGYkqLT5xkaUCPhkr4NK LLrIBZXeSGazc6gx/yrrMtUpXcQvax6kfDJPTu974OmeEbtjyyP7ZG5tUfSwNWt/4EuxDNmZTESG 8jU0ZLjYIB11pK0gSXQbMVPyIyGtFGHMPx6UxWn6zUzpECWRFbqEvkA6Y13zeJ1jG2Rki/zs7a/o 13FTl/kI9013Eh6l6Kc2zxbc14GS8fpM0/xQIrZZyeiXj/2C4RcsPeqWuNj9m0qSQrbrCZtLHb20 U8x1uue4iwSX9y7LpwZd6vjYd1d6dgBa1Xxgc/TC+m8= ) ; Key ID = 951 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20230412000000 20230322000000 20326 . XSxf/IWwVx/BM4ekFQBxNAPnhPs89l7Cr2M1OiNKNd4rC/kNmD/VOJ/06K69XTHE2SwlDAm+NiF9 CMXfRO1hB2KTpS70GiO9BXnHBlHcJF5ggV6rsaSRt924eGGEcsahkgoi/fgHCOtGIveKJPQ2xOKg RmNsix/jDSfdweyjH71AbE2lvcmPAJ3VhuFlx+mvzW8iak/unW4IySBYRVuFCdV3cVQKmXTqDpd2 ycCcmYM5xRb4YpCq5dsZBCaHVhuknii7dMV7I86TPCPFJoiiBLTqzMoc5ObhLZnkHDdTjiOgeIBJ Dw5X5w7M0wK36+5WDqm2JV6NqIc2XiiXDI1/7Q== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbF1LAxEQPtClEQno48k6u7JjCOfVfwdENOxQUrX0JbpN5DnKGMAKIfdiWa5oDeKQ3OoQ58y CC8vjtaaGFDgpJxoLwqzhBYHPGFgins5HIERcCQPGAJKWu/ku4XLh+Fu7UyBubDCelxKTbnj26Ew bochltRqGIE8hbwSXEzRNo4g+NXkaRMq2FFbaBtEE82yTmZUgFRYAFUvfGTPWblyZGtkepVuHyNb 0w/u24dpsz+uyCZZR04cHfRrWOKvqD3lDOwC4+sqd6f7F841R0N2tqSh/WDUZzWdvPBaBOz0FWFL b9porIeZ3Jm08tAMHa+3SGRXfK4RAmxVCmIQQypGabE= ) ; Key ID = 60955`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAcVnO2jZFx4756Rb/yAhJnsl72eemsObU43nclmXwqdJlp+kC5WQjGYkqLT5xkaUCPhkr4NK LLrIBZXeSGazc6gx/yrrMtUpXcQvax6kfDJPTu974OmeEbtjyyP7ZG5tUfSwNWt/4EuxDNmZTESG 8jU0ZLjYIB11pK0gSXQbMVPyIyGtFGHMPx6UxWn6zUzpECWRFbqEvkA6Y13zeJ1jG2Rki/zs7a/o 13FTl/kI9013Eh6l6Kc2zxbc14GS8fpM0/xQIrZZyeiXj/2C4RcsPeqWuNj9m0qSQrbrCZtLHb20 U8x1uue4iwSX9y7LpwZd6vjYd1d6dgBa1Xxgc/TC+m8= ) ; Key ID = 951`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20230412000000 20230322000000 20326 . XSxf/IWwVx/BM4ekFQBxNAPnhPs89l7Cr2M1OiNKNd4rC/kNmD/VOJ/06K69XTHE2SwlDAm+NiF9 CMXfRO1hB2KTpS70GiO9BXnHBlHcJF5ggV6rsaSRt924eGGEcsahkgoi/fgHCOtGIveKJPQ2xOKg RmNsix/jDSfdweyjH71AbE2lvcmPAJ3VhuFlx+mvzW8iak/unW4IySBYRVuFCdV3cVQKmXTqDpd2 ycCcmYM5xRb4YpCq5dsZBCaHVhuknii7dMV7I86TPCPFJoiiBLTqzMoc5ObhLZnkHDdTjiOgeIBJ Dw5X5w7M0wK36+5WDqm2JV6NqIc2XiiXDI1/7Q== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=60955 is now in the chain-of-trust
	DNSKEY=951 is now in the chain-of-trust
	Query to b.root-servers.net for capitolgiftshop.gov/A
	Received 638 bytes from 199.9.14.201
	;; Response received from 199.9.14.201 (638 octets) ;; HEADER SECTION ;; id = 24124 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20230405170000 20230323160000 951 . TQBXI1V7WMaFlxVm59Ow0BAy6CG9RaH0oco4IPWLnrWSog8ElOSlDGPEfWIwPClLCcjzen+2Qv5/ pK1M8WTe+ljRZQxDB9l5f2keq9gXXhnZTIQtzLF9ScUCUAmILbZ+/0MYbDYKlJQfC8BBWEo0kLoo UXg0FJ2Qiit7KqNWTon41CvLlETI2eNwPJ4l5+8X/cIwuX9kC/MiCYtBsBFBnf4NOY7HO/s7pXj4 ob7geWk5KzZK9Nf/0fRE/aMJz+ZicAhYsHj0GbT7fyBF46ao45Aoh0eaLDeRbCNJWWOKEXYN193s 8uB0zGanXxuAz2kkOBf7xB9lPV/aW3l4QpujYg== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN A 209.112.123.30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN A 69.36.153.30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN A 81.19.194.30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Query to b.root-servers.net for gov/DNSKEY
	Received 622 bytes from 199.9.14.201
	;; Response received from 199.9.14.201 (622 octets) ;; HEADER SECTION ;; id = 13455 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20230405170000 20230323160000 951 . TQBXI1V7WMaFlxVm59Ow0BAy6CG9RaH0oco4IPWLnrWSog8ElOSlDGPEfWIwPClLCcjzen+2Qv5/ pK1M8WTe+ljRZQxDB9l5f2keq9gXXhnZTIQtzLF9ScUCUAmILbZ+/0MYbDYKlJQfC8BBWEo0kLoo UXg0FJ2Qiit7KqNWTon41CvLlETI2eNwPJ4l5+8X/cIwuX9kC/MiCYtBsBFBnf4NOY7HO/s7pXj4 ob7geWk5KzZK9Nf/0fRE/aMJz+ZicAhYsHj0GbT7fyBF46ao45Aoh0eaLDeRbCNJWWOKEXYN193s 8uB0zGanXxuAz2kkOBf7xB9lPV/aW3l4QpujYg== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN A 209.112.123.30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN A 69.36.153.30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN A 81.19.194.30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found child zone gov

gov

	Checking DS between . and gov
	Query to m.root-servers.net for gov/DS
	Received 367 bytes from 202.12.27.33
	;; Response received from 202.12.27.33 (367 octets) ;; HEADER SECTION ;; id = 18227 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20230405170000 20230323160000 951 . TQBXI1V7WMaFlxVm59Ow0BAy6CG9RaH0oco4IPWLnrWSog8ElOSlDGPEfWIwPClLCcjzen+2Qv5/ pK1M8WTe+ljRZQxDB9l5f2keq9gXXhnZTIQtzLF9ScUCUAmILbZ+/0MYbDYKlJQfC8BBWEo0kLoo UXg0FJ2Qiit7KqNWTon41CvLlETI2eNwPJ4l5+8X/cIwuX9kC/MiCYtBsBFBnf4NOY7HO/s7pXj4 ob7geWk5KzZK9Nf/0fRE/aMJz+ZicAhYsHj0GbT7fyBF46ao45Aoh0eaLDeRbCNJWWOKEXYN193s 8uB0zGanXxuAz2kkOBf7xB9lPV/aW3l4QpujYg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 1 DS records for gov in the . zone
	DS=7698/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20230405170000 20230323160000 951 . TQBXI1V7WMaFlxVm59Ow0BAy6CG9RaH0oco4IPWLnrWSog8ElOSlDGPEfWIwPClLCcjzen+2Qv5/ pK1M8WTe+ljRZQxDB9l5f2keq9gXXhnZTIQtzLF9ScUCUAmILbZ+/0MYbDYKlJQfC8BBWEo0kLoo UXg0FJ2Qiit7KqNWTon41CvLlETI2eNwPJ4l5+8X/cIwuX9kC/MiCYtBsBFBnf4NOY7HO/s7pXj4 ob7geWk5KzZK9Nf/0fRE/aMJz+ZicAhYsHj0GbT7fyBF46ao45Aoh0eaLDeRbCNJWWOKEXYN193s 8uB0zGanXxuAz2kkOBf7xB9lPV/aW3l4QpujYg== )`
	RRSIG=951 and DNSKEY=951 verifies the DS RRset
	DS=7698/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 )`
	Query to d.gov-servers.net for gov/DNSKEY
	Received 777 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (777 octets) ;; HEADER SECTION ;; id = 61173 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698 gov. 86400 IN DNSKEY ( 256 3 8 AwEAAZvxD/dRxa63REw/dsgJRPBzJDRXCZvGa06axqtIXHgasIi6wFd/Axk6Bpb92enCEIUffOLr i3mEsi0q9DjsJqS7tI+Im1P5RWVN+gZY3b4PQ8Sa2BWAe55FGgDcH+YcO3QGIYGqPEj576CVj4eH HcWY0UpzyvcZo6ZHbciukZ01Xu0NT9bVCAbUc9F16O7T+8In3wZShbBGQOan5QYEkxU= ) ; Key ID = 24250 gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20230404190254 20230320185754 7698 gov. RC/nrPVwW2pySuff0W81ZaI9zWfq5+l4ySEhmuzS9kN+1P0Hk6g2nAuqj4VfS5i0vJmvfUMc/suB jY4OqsBcL4PWZyKIJ6PIrq00z3QGMQ3hRJTxHc7qBHjU7ocbs70YNmZpl/Maa0JP57A85Lc+aWh9 CEUEShniWft/fNTEgzcmqUvK8ySrK248NCvIfMzQYOOyjmRdl53DKYK0A4JJWKIlgCdS3kW0PJvr t8D9WlZiGvp8x7NHQYWuamet4ZEkSNi4MlBnQt+ucIHb4qqT7xDfTJyGwqvSE05JRNU3b6Fjr75s 91YP7iid7Un5qLT3YANLZfRSgjYRHF5Cw8wQlA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for gov
	`gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698`
	`gov. 86400 IN DNSKEY ( 256 3 8 AwEAAZvxD/dRxa63REw/dsgJRPBzJDRXCZvGa06axqtIXHgasIi6wFd/Axk6Bpb92enCEIUffOLr i3mEsi0q9DjsJqS7tI+Im1P5RWVN+gZY3b4PQ8Sa2BWAe55FGgDcH+YcO3QGIYGqPEj576CVj4eH HcWY0UpzyvcZo6ZHbciukZ01Xu0NT9bVCAbUc9F16O7T+8In3wZShbBGQOan5QYEkxU= ) ; Key ID = 24250`
	DNSKEY=7698/SEP is now in the chain-of-trust
	DS=7698/SHA-256 verifies DNSKEY=7698/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20230404190254 20230320185754 7698 gov. RC/nrPVwW2pySuff0W81ZaI9zWfq5+l4ySEhmuzS9kN+1P0Hk6g2nAuqj4VfS5i0vJmvfUMc/suB jY4OqsBcL4PWZyKIJ6PIrq00z3QGMQ3hRJTxHc7qBHjU7ocbs70YNmZpl/Maa0JP57A85Lc+aWh9 CEUEShniWft/fNTEgzcmqUvK8ySrK248NCvIfMzQYOOyjmRdl53DKYK0A4JJWKIlgCdS3kW0PJvr t8D9WlZiGvp8x7NHQYWuamet4ZEkSNi4MlBnQt+ucIHb4qqT7xDfTJyGwqvSE05JRNU3b6Fjr75s 91YP7iid7Un5qLT3YANLZfRSgjYRHF5Cw8wQlA== )`
	RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
	DNSKEY=24250 is now in the chain-of-trust
	Query to d.gov-servers.net for capitolgiftshop.gov/A
	Received 510 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (510 octets) ;; HEADER SECTION ;; id = 63390 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 9 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 86400 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 86400 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 86400 IN NS authns2.centurylink.net. capitolgiftshop.gov. 86400 IN NS authns1.centurylink.net. capitolgiftshop.gov. 86400 IN NS ns1.aoc.gov. capitolgiftshop.gov. 86400 IN NS ns2.aoc.gov. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 8 2 3600 20230328184135 20230321184135 24250 gov. Qbkd4KYTba6f5cP2fI0va2OoVsfRlYIE3RJx5HNj+cHxtADGfLGnJcfYPcyPORsYt4UN+w2zr4qm QKFU27mbJ4BnrENDogZRpGH7XsdsTjjswEvP3NUpu+4ce1ZqPPvOzQwmFw7X3dTfWDCVo63a77Ju FSYbST2gxpfJUvmgdCjvYNyvyiF+JlflQxPFUVEidfPHCRRauN7iepUlL0gQ0g== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 86400 IN A 161.197.102.14 ns2.aoc.gov. 86400 IN A 161.197.100.14 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to b.gov-servers.net for capitolgiftshop.gov/DNSKEY
	Received 510 bytes from 209.112.123.30
	;; Response received from 209.112.123.30 (510 octets) ;; HEADER SECTION ;; id = 18852 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 9 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) capitolgiftshop.gov. 86400 IN NS ns2.aoc.gov. capitolgiftshop.gov. 86400 IN NS ns1.aoc.gov. capitolgiftshop.gov. 86400 IN NS authns1.centurylink.net. capitolgiftshop.gov. 86400 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 86400 IN NS authns2.centurylink.net. capitolgiftshop.gov. 86400 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 8 2 3600 20230328184135 20230321184135 24250 gov. Qbkd4KYTba6f5cP2fI0va2OoVsfRlYIE3RJx5HNj+cHxtADGfLGnJcfYPcyPORsYt4UN+w2zr4qm QKFU27mbJ4BnrENDogZRpGH7XsdsTjjswEvP3NUpu+4ce1ZqPPvOzQwmFw7X3dTfWDCVo63a77Ju FSYbST2gxpfJUvmgdCjvYNyvyiF+JlflQxPFUVEidfPHCRRauN7iepUlL0gQ0g== ) ;; ADDITIONAL SECTION (3 records) ns1.aoc.gov. 86400 IN A 161.197.102.14 ns2.aoc.gov. 86400 IN A 161.197.100.14 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone capitolgiftshop.gov

capitolgiftshop.gov

	Checking DS between gov and capitolgiftshop.gov
	Query to d.gov-servers.net for capitolgiftshop.gov/DS
	Received 327 bytes from 81.19.194.30
	;; Response received from 81.19.194.30 (327 octets) ;; HEADER SECTION ;; id = 58228 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DS ;; ANSWER SECTION (3 records) capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 ) capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c ) capitolgiftshop.gov. 3600 IN RRSIG ( DS 8 2 3600 20230328184135 20230321184135 24250 gov. Qbkd4KYTba6f5cP2fI0va2OoVsfRlYIE3RJx5HNj+cHxtADGfLGnJcfYPcyPORsYt4UN+w2zr4qm QKFU27mbJ4BnrENDogZRpGH7XsdsTjjswEvP3NUpu+4ce1ZqPPvOzQwmFw7X3dTfWDCVo63a77Ju FSYbST2gxpfJUvmgdCjvYNyvyiF+JlflQxPFUVEidfPHCRRauN7iepUlL0gQ0g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DS records for capitolgiftshop.gov in the gov zone
	DS=62962/SHA-1 has algorithm RSASHA256
	DS=62962/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`capitolgiftshop.gov. 3600 IN RRSIG ( DS 8 2 3600 20230328184135 20230321184135 24250 gov. Qbkd4KYTba6f5cP2fI0va2OoVsfRlYIE3RJx5HNj+cHxtADGfLGnJcfYPcyPORsYt4UN+w2zr4qm QKFU27mbJ4BnrENDogZRpGH7XsdsTjjswEvP3NUpu+4ce1ZqPPvOzQwmFw7X3dTfWDCVo63a77Ju FSYbST2gxpfJUvmgdCjvYNyvyiF+JlflQxPFUVEidfPHCRRauN7iepUlL0gQ0g== )`
	RRSIG=24250 and DNSKEY=24250 verifies the DS RRset
	DS=62962/SHA-1 is now in the chain-of-trust
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 1 3f7f8b3cb2780b121fc6309a25d049442b9ba787 )`
	`capitolgiftshop.gov. 3600 IN DS ( 62962 8 2 34339d7a15abb95707a92014f72c021d4433c6c4a9c7d6dfe237361c3197ad1c )`
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/DNSKEY
	Received 1106 bytes from 68.87.85.132
	;; Response received from 68.87.85.132 (1106 octets) ;; HEADER SECTION ;; id = 45106 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 5 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN DNSKEY ;; ANSWER SECTION (5 records) capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAaq8ixuzePVVo/LR/7Z6gXRIu9XJ5j7ER6PSXR7E/SirFIsMsVRkGIvp1eDZuCiz1AeoFgP+ 4zE3vTTDIdJXjq/TDM98f5hrbWx98SOI32zjSt5RohxU8P4cFUCDxmRM/8yiJcokQMeSSoXqwfSL XvHTrxE7/4m7aUab/2pseIYxQKkps2f2/zDRA51RP9FQWrWVNl5nr9EK1VHqbXoWagRgv7RTAeXs MvFzWPD2BAL2jpqzScmE2h7iiICg5ZBEMfCBQttob8aGAOpf7tbxuvp5P+MbDu7Uf7rBo/k1TMgf a6KrMXDemH3nyU86CCSLsMVMxhYyp4dTg4GSGaVtTmE= ) ; Key ID = 62962 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAbbPMyx4SKDOzsTcEWXSvW8vVeHNUeWNREtq33a9R2ZOsQ7CcrDHkIIM8DZeOBs4x4k4a6/B 0eTniJjwFGLrFqOUKo++4lXFUWUP7GsdRLlzlAgiyR4zIl3ITDYbfRRqfYYrMZ5/IIFamBg2eY89 kRrZjVfjnC33SWNoGTtSqBuX ) ; Key ID = 13806 capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAbk92yoqEXXH7uNjBswLKatmidvkYHe2R0yy4jPdzY8DRrkfhIcCVwVI68mWFU1WXEHOIcAP KHawRd7TVuwqEXy4DAis/N9P6WzNuR3zyQ6zj2QUkdQUbKH8vSpP4UrL0p1dfCVgQ/Tu23VHX1CE HzO1nuJkkHp4icTeF5gwYG79 ) ; Key ID = 18276 capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20230326212945 20230322211818 13806 capitolgiftshop.gov. ZQ9E/1fJIxYDYuMSXvSeLtdIyrQ8oP/HONdzkJ61mBSN+88LVb+wVq5bi3wsO4tRcal4jgXYr51s GbpVuk2KKqzZfrQtfhn0lukZ3RpQWFbdc78eCMW2vl+usQf+Jwl/TuOocKkcBautV4HYW7jUwYoy GvGoonemL0v502aetfU= ) capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20230326212945 20230322211818 62962 capitolgiftshop.gov. XQvxDC5TXsUKQRAgAKfmeeuSR8nKIV7JBjlnyi0cWk7GP0uKVtlcPaZr9IWtPqMRcRgF4G6aBse+ MTn2/mbPDavik80xTEkVPA0UHO+mfP/nll3Q0CuZ1hjZmDqvHAvS9xuI91tvrTzWA88sBaug/lE/ acmEkiOqhmzemUj8cwouRlJd7Mdq9e1psyM4qKo/LXcXuhxTs5kRUCzs/UKseCNY+6MdAGFauLt+ jfH7hElFMqQtJWao9gpSrSD/Q1RwhApUuF/S+i3Jv0Hn9IBU0HNfjm7jEtCUHQNKTNyhDHZKRNk4 Yb2tt+Ez/lW3UUGAgwRKs0ZcABvVBSditTjPVw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 3 DNSKEY records for capitolgiftshop.gov
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 257 3 8 AwEAAaq8ixuzePVVo/LR/7Z6gXRIu9XJ5j7ER6PSXR7E/SirFIsMsVRkGIvp1eDZuCiz1AeoFgP+ 4zE3vTTDIdJXjq/TDM98f5hrbWx98SOI32zjSt5RohxU8P4cFUCDxmRM/8yiJcokQMeSSoXqwfSL XvHTrxE7/4m7aUab/2pseIYxQKkps2f2/zDRA51RP9FQWrWVNl5nr9EK1VHqbXoWagRgv7RTAeXs MvFzWPD2BAL2jpqzScmE2h7iiICg5ZBEMfCBQttob8aGAOpf7tbxuvp5P+MbDu7Uf7rBo/k1TMgf a6KrMXDemH3nyU86CCSLsMVMxhYyp4dTg4GSGaVtTmE= ) ; Key ID = 62962`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAbbPMyx4SKDOzsTcEWXSvW8vVeHNUeWNREtq33a9R2ZOsQ7CcrDHkIIM8DZeOBs4x4k4a6/B 0eTniJjwFGLrFqOUKo++4lXFUWUP7GsdRLlzlAgiyR4zIl3ITDYbfRRqfYYrMZ5/IIFamBg2eY89 kRrZjVfjnC33SWNoGTtSqBuX ) ; Key ID = 13806`
	`capitolgiftshop.gov. 172800 IN DNSKEY ( 256 3 8 AwEAAbk92yoqEXXH7uNjBswLKatmidvkYHe2R0yy4jPdzY8DRrkfhIcCVwVI68mWFU1WXEHOIcAP KHawRd7TVuwqEXy4DAis/N9P6WzNuR3zyQ6zj2QUkdQUbKH8vSpP4UrL0p1dfCVgQ/Tu23VHX1CE HzO1nuJkkHp4icTeF5gwYG79 ) ; Key ID = 18276`
	DNSKEY=62962/SEP is now in the chain-of-trust
	DS=62962/SHA-1 verifies DNSKEY=62962/SEP
	DS=62962/SHA-256 verifies DNSKEY=62962/SEP
	Found 2 RRSIGs over DNSKEY RRset
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20230326212945 20230322211818 13806 capitolgiftshop.gov. ZQ9E/1fJIxYDYuMSXvSeLtdIyrQ8oP/HONdzkJ61mBSN+88LVb+wVq5bi3wsO4tRcal4jgXYr51s GbpVuk2KKqzZfrQtfhn0lukZ3RpQWFbdc78eCMW2vl+usQf+Jwl/TuOocKkcBautV4HYW7jUwYoy GvGoonemL0v502aetfU= )`
	`capitolgiftshop.gov. 172800 IN RRSIG ( DNSKEY 8 2 172800 20230326212945 20230322211818 62962 capitolgiftshop.gov. XQvxDC5TXsUKQRAgAKfmeeuSR8nKIV7JBjlnyi0cWk7GP0uKVtlcPaZr9IWtPqMRcRgF4G6aBse+ MTn2/mbPDavik80xTEkVPA0UHO+mfP/nll3Q0CuZ1hjZmDqvHAvS9xuI91tvrTzWA88sBaug/lE/ acmEkiOqhmzemUj8cwouRlJd7Mdq9e1psyM4qKo/LXcXuhxTs5kRUCzs/UKseCNY+6MdAGFauLt+ jfH7hElFMqQtJWao9gpSrSD/Q1RwhApUuF/S+i3Jv0Hn9IBU0HNfjm7jEtCUHQNKTNyhDHZKRNk4 Yb2tt+Ez/lW3UUGAgwRKs0ZcABvVBSditTjPVw== )`
	RRSIG=13806 and DNSKEY=13806 verifies the DNSKEY RRset
	RRSIG=62962 and DNSKEY=62962/SEP verifies the DNSKEY RRset
	DNSKEY=13806 is now in the chain-of-trust
	DNSKEY=18276 is now in the chain-of-trust
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.76.228
	;; Response received from 68.87.76.228 (503 octets) ;; HEADER SECTION ;; id = 38114 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	ns3.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to authns1.centurylink.net for capitolgiftshop.gov/SOA
	Received 1058 bytes from 63.150.72.4
	;; Response received from 63.150.72.4 (1058 octets) ;; HEADER SECTION ;; id = 48025 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) ;; AUTHORITY SECTION (7 records) capitolgiftshop.gov. 28800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 28800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 28800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 28800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 28800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 28800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 28800 IN RRSIG ( NS 8 2 28800 20230327100910 20230323100805 13806 capitolgiftshop.gov. R0gGa9heGldkJBA7GDGd0ydOKxc0QhV5trGcmhU2dry3CYCc4T5+RDlfSmV0L3LsdyDtNVH9h2h7 nihLhSo8u+aUVVH5JvQZ9LQXGWLCBQi+3CuAgfYzIW8Hmy4Y+HW5C3h2oR4UZBXTv4uFqloE0dbu EVBVSAT2Ff+1gZ3FUE8= ) ;; ADDITIONAL SECTION (9 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 authns1.centurylink.net. 600 IN A 63.150.72.4 authns2.centurylink.net. 600 IN A 208.44.130.120 authns1.centurylink.net. 300 IN AAAA 2001:428::5 authns2.centurylink.net. 300 IN AAAA 2001:428::6 ns1.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20230327210835 20230323201635 42858 aoc.gov. bqkf2bZzcQjzvagFfuSFcvTD5sRcyTNSz/H2YIZui/AF+imaV/ZQFMRYcJSc9pn1IzgTiCksNLbM PvreZXBUDgyhzyGT5YXXf6cr6Q+9taPvJoa77yVTKlT6ik5DGkTCXI3Ax2SZ65LyPe0ZWMfmvCfo WrmnrzzWayk2IRUoKTQ= ) ns2.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20230326235331 20230322225638 42858 aoc.gov. jYlPwjISViXTwMIoQZ6fQeoPFreCWG7bImosasxtBGbn1I09NV0E3ji3iCVPUNv6FbsSQMyysjyG 7lHvO/Bju1arMLHA0xjGQfwaJsw+vB3Bhm+azAJ8J1M0BSANYEf1hbJ+km2mhd21psngVqV2TvR3 C0RblIFktSvAtBWLREY= ) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to ns2.aoc.gov for capitolgiftshop.gov/SOA
	Received 285 bytes from 161.197.100.14
	;; Response received from 161.197.100.14 (285 octets) ;; HEADER SECTION ;; id = 33262 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1705 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option:
	ns2.aoc.gov serial (1705) differs from authns1.centurylink.net serial (1704)
	Query to authns2.centurylink.net for capitolgiftshop.gov/SOA
	Received 1058 bytes from 208.44.130.120
	;; Response received from 208.44.130.120 (1058 octets) ;; HEADER SECTION ;; id = 2528 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) ;; AUTHORITY SECTION (7 records) capitolgiftshop.gov. 28800 IN NS ns1.aoc.gov. capitolgiftshop.gov. 28800 IN NS ns2.aoc.gov. capitolgiftshop.gov. 28800 IN NS authns2.centurylink.net. capitolgiftshop.gov. 28800 IN NS authns1.centurylink.net. capitolgiftshop.gov. 28800 IN NS ns3.comcastbusiness.net. capitolgiftshop.gov. 28800 IN NS ns2.comcastbusiness.net. capitolgiftshop.gov. 28800 IN RRSIG ( NS 8 2 28800 20230327100910 20230323100805 13806 capitolgiftshop.gov. R0gGa9heGldkJBA7GDGd0ydOKxc0QhV5trGcmhU2dry3CYCc4T5+RDlfSmV0L3LsdyDtNVH9h2h7 nihLhSo8u+aUVVH5JvQZ9LQXGWLCBQi+3CuAgfYzIW8Hmy4Y+HW5C3h2oR4UZBXTv4uFqloE0dbu EVBVSAT2Ff+1gZ3FUE8= ) ;; ADDITIONAL SECTION (9 records) ns1.aoc.gov. 3600 IN A 161.197.102.14 ns2.aoc.gov. 3600 IN A 161.197.100.14 authns1.centurylink.net. 600 IN A 63.150.72.4 authns2.centurylink.net. 600 IN A 208.44.130.120 authns1.centurylink.net. 300 IN AAAA 2001:428::5 authns2.centurylink.net. 300 IN AAAA 2001:428::6 ns1.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20230327210835 20230323201635 42858 aoc.gov. bqkf2bZzcQjzvagFfuSFcvTD5sRcyTNSz/H2YIZui/AF+imaV/ZQFMRYcJSc9pn1IzgTiCksNLbM PvreZXBUDgyhzyGT5YXXf6cr6Q+9taPvJoa77yVTKlT6ik5DGkTCXI3Ax2SZ65LyPe0ZWMfmvCfo WrmnrzzWayk2IRUoKTQ= ) ns2.aoc.gov. 3600 IN RRSIG ( A 8 3 3600 20230326235331 20230322225638 42858 aoc.gov. jYlPwjISViXTwMIoQZ6fQeoPFreCWG7bImosasxtBGbn1I09NV0E3ji3iCVPUNv6FbsSQMyysjyG 7lHvO/Bju1arMLHA0xjGQfwaJsw+vB3Bhm+azAJ8J1M0BSANYEf1hbJ+km2mhd21psngVqV2TvR3 C0RblIFktSvAtBWLREY= ) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/SOA
	Received 282 bytes from 68.87.85.132
	;; Response received from 68.87.85.132 (282 octets) ;; HEADER SECTION ;; id = 14124 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to ns1.aoc.gov for capitolgiftshop.gov/SOA
	Received 285 bytes from 161.197.102.14
	;; Response received from 161.197.102.14 (285 octets) ;; HEADER SECTION ;; id = 30349 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN SOA ;; ANSWER SECTION (2 records) capitolgiftshop.gov. 28800 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1705 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option:
	ns1.aoc.gov serial (1705) differs from authns1.centurylink.net serial (1704)
	Query to ns3.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.76.228
	;; Response received from 68.87.76.228 (503 octets) ;; HEADER SECTION ;; id = 52855 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= )`
	RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= )`
	RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.102.14
	;; Response received from 161.197.102.14 (506 octets) ;; HEADER SECTION ;; id = 50531 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1705 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option:
	ns1.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns1.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.102.14
	;; Response received from 161.197.102.14 (506 octets) ;; HEADER SECTION ;; id = 40690 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1705 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option:
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= )`
	RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= )`
	RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset

capitolgiftshop.gov

	Query to authns2.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 208.44.130.120
	;; Response received from 208.44.130.120 (503 octets) ;; HEADER SECTION ;; id = 10452 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	authns2.centurylink.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to authns2.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 208.44.130.120
	;; Response received from 208.44.130.120 (503 octets) ;; HEADER SECTION ;; id = 17785 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= )`
	RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= )`
	RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset

capitolgiftshop.gov

	Query to authns1.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 63.150.72.4
	;; Response received from 63.150.72.4 (503 octets) ;; HEADER SECTION ;; id = 1419 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	authns1.centurylink.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to authns1.centurylink.net for capitolgiftshop.gov/A
	Received 503 bytes from 63.150.72.4
	;; Response received from 63.150.72.4 (503 octets) ;; HEADER SECTION ;; id = 5116 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= )`
	RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= )`
	RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.85.132
	;; Response received from 68.87.85.132 (503 octets) ;; HEADER SECTION ;; id = 249 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	ns2.comcastbusiness.net is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.comcastbusiness.net for capitolgiftshop.gov/A
	Received 503 bytes from 68.87.85.132
	;; Response received from 68.87.85.132 (503 octets) ;; HEADER SECTION ;; id = 840 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1704 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= )`
	RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 28800 IN RRSIG ( SOA 8 2 28800 20230327110805 20230323100805 13806 capitolgiftshop.gov. PUINHSIqB17Q9ZqHhX50ueYThDSZS7PVfEL13hRCkKyLNtfHKu2OiBRcn/oKeCTkRHOM4gKFIP00 G33HYGdkF3s6UQahMnlNKUsMPcT+rkuQbWCHIkHHBgyi5xU2t8zxi3+/vUKGpEhIpNWAS4HExwit L4j3LejawItlXKyJwFc= )`
	RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset

capitolgiftshop.gov

	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.100.14
	;; Response received from 161.197.100.14 (506 octets) ;; HEADER SECTION ;; id = 28236 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1705 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option:
	ns2.aoc.gov is authoritative for capitolgiftshop.gov
	Found RRSIG signed by capitolgiftshop.gov zone
	Query to ns2.aoc.gov for capitolgiftshop.gov/A
	Received 506 bytes from 161.197.100.14
	;; Response received from 161.197.100.14 (506 octets) ;; HEADER SECTION ;; id = 31160 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option: ;; QUESTION SECTION (1 record) ;; capitolgiftshop.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) capitolgiftshop.gov. 900 IN SOA ( ns1.aoc.gov. hostmaster.aoc.gov. 1705 ;serial 10800 ;refresh 1080 ;retry 2419200 ;expire 900 ;minimum ) capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= ) capitolgiftshop.gov. 900 IN NSEC ( capitolgiftshop.gov. NS SOA RRSIG NSEC DNSKEY ) capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1220 ;; option:
	Checking NSEC records for a NODATA response
	Found 1 RRSIGs over NSEC RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( NSEC 8 2 900 20230327100910 20230323100805 13806 capitolgiftshop.gov. N/bfaHf1sbWRrWwfEWP8dYZ8Fv1/YPO6jcYZt3KxX8jGB/Z+ORRNDZ1G1Ffq1tRYMHpHLgLgOs+/ l5ODDTkoIpVRcfou66VYLHU8Dilk0hUI+AtzWNO43G1FySNaoDuRrLMzUAlP6fk+rNiWxPwGOJeO MLzGCS7SuAIz2cs1YJE= )`
	RRSIG=13806 and DNSKEY=13806 verifies the NSEC RRset
	NSEC proves no records of type A exist for capitolgiftshop.gov
	Found 1 RRSIGs over SOA RRset
	`capitolgiftshop.gov. 900 IN RRSIG ( SOA 8 2 28800 20230327212945 20230323202945 13806 capitolgiftshop.gov. i/4Ob6hK9QVlOt7uZnFSAo39dD0+TFNNJqqlgIA5lmAXkgVlzhgQAPuLQleeK2dRTj9zp+kJK07g 7haWXqEQfgphsU6FLK08c5nNC42jwtTn8gevbS3y6YGmi19xkxPL9Mm7ILa6S88LOTaJlFGsRxod KXCqOUXEEOASYM2eIe0= )`
	RRSIG=13806 and DNSKEY=13806 verifies the SOA RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test capitolgiftshop.gov at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: