DNSSEC Analyzer - cfpb.gov

Domain Name:

Time: 2023-09-24 18:05:04 UTC, NTP stratum 4

Analyzing DNSSEC problems for cfpb.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to b.root-servers.net for ./DNSKEY
	Received 1139 bytes from 199.9.14.201
	;; Response received from 199.9.14.201 (1139 octets) ;; HEADER SECTION ;; id = 20421 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAcEtWatIO3exfN3A+WnZl7AVEBA3crRrrwKTfnmcdLt79C3DCOF1JX5zb4s84v0OxwlOVg+T R8VpkuYynMp3PQXLomLxe7j7PlxqEBo1LQaWfqyymCuF7rKebTLB5yZcr8/QUPwk/weLyguX6iVN DjIZOmeMqPkGJtDFp+EUfKgOa8AulKPLtsUL1W+1FT8sqroSxKXVXnhkEZN1O1zBxTG/z9xjwiPc d3//LSPUpEC9+rU2XIuCJq8nwAwJ7W6Rc49RxUT0Svc57HKqHjNuapvG0PCYh3bXCQzb7mb2pNwu erMFTzP5iEzXWZD7izLg9j3wEJ2Ia/WIEts/Tp9GIQM= ) ; Key ID = 11019 . 172800 IN DNSKEY ( 256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpM PIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3A MSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84v gl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJY zPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c= ) ; Key ID = 46780 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20231010000000 20230919000000 20326 . Xx8gfV3qemuf4ffCr2jq6aUIn15oFbjiocYWvFF9GGoLqOqZEMrkiNHmCcAfnyEjltWTwx2YdnAM CmQO8KJ4+6hSbSsRbDWwVnBI+3lkqvdpEIMlgkVuKsK012s19eERCPqYV+eyrW8YR1IQhXljVgy7 zISHkomWGtf0AY8jXlGABCLbHQj0/x0kuNM2gOz/gSWqKVt3Nwbpu/0gh9mrjQPH29q/p0vVjlEV J4SQgYvBBuxQZMxwupvrn4a4hr3zbGbiUkR772gra0DfNUIVB9A+GEcCpFwazbjcV476xAtuUC8R 8g44qtKhL+vezd4Mnm/hOPGf1ZGinAPlsylkiA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAcEtWatIO3exfN3A+WnZl7AVEBA3crRrrwKTfnmcdLt79C3DCOF1JX5zb4s84v0OxwlOVg+T R8VpkuYynMp3PQXLomLxe7j7PlxqEBo1LQaWfqyymCuF7rKebTLB5yZcr8/QUPwk/weLyguX6iVN DjIZOmeMqPkGJtDFp+EUfKgOa8AulKPLtsUL1W+1FT8sqroSxKXVXnhkEZN1O1zBxTG/z9xjwiPc d3//LSPUpEC9+rU2XIuCJq8nwAwJ7W6Rc49RxUT0Svc57HKqHjNuapvG0PCYh3bXCQzb7mb2pNwu erMFTzP5iEzXWZD7izLg9j3wEJ2Ia/WIEts/Tp9GIQM= ) ; Key ID = 11019`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpM PIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3A MSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84v gl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJY zPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c= ) ; Key ID = 46780`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20231010000000 20230919000000 20326 . Xx8gfV3qemuf4ffCr2jq6aUIn15oFbjiocYWvFF9GGoLqOqZEMrkiNHmCcAfnyEjltWTwx2YdnAM CmQO8KJ4+6hSbSsRbDWwVnBI+3lkqvdpEIMlgkVuKsK012s19eERCPqYV+eyrW8YR1IQhXljVgy7 zISHkomWGtf0AY8jXlGABCLbHQj0/x0kuNM2gOz/gSWqKVt3Nwbpu/0gh9mrjQPH29q/p0vVjlEV J4SQgYvBBuxQZMxwupvrn4a4hr3zbGbiUkR772gra0DfNUIVB9A+GEcCpFwazbjcV476xAtuUC8R 8g44qtKhL+vezd4Mnm/hOPGf1ZGinAPlsylkiA== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=11019 is now in the chain-of-trust
	DNSKEY=46780 is now in the chain-of-trust
	Query to j.root-servers.net for cfpb.gov/A
	Received 675 bytes from 192.58.128.30
	;; Response received from 192.58.128.30 (675 octets) ;; HEADER SECTION ;; id = 54674 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20231007050000 20230924040000 11019 . tTg+S05iF6tYI24Bs0KpnTfZUrJRHfORGjX4O1p8LMJ5WY19q4RUSt0ffmvXevhckeu0dqffzgpH 8u/NC1op8S0O+OP3KvPpmARx6H3BVKeRWp+q+nwtz6kseqIg3ukiVAksmxACElnqHwwSTpK4ku5V H48TesoBva54U1V2MhS1iD8gUEStt8s1aD+mdd/oVQ3Wvd1c5dHU9oteSwzZQfOsyFAmThi7fjCl 8la+1DGXtmVQ2sVvpSaJJrIF90rzGKyxKGCrz3ffqxSRTOIT96+MgKTmXN+8QmDyD/ACJAe1zmGD ZuRj3FL7ul0X9Kfv6fM6zGQNf4d/m8+ZiKz3nw== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 b.gov-servers.net. 172800 IN A 209.112.123.30 c.gov-servers.net. 172800 IN A 69.36.153.30 d.gov-servers.net. 172800 IN A 81.19.194.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1472 ;; option:
	Query to b.root-servers.net for gov/DNSKEY
	Received 670 bytes from 199.9.14.201
	;; Response received from 199.9.14.201 (670 octets) ;; HEADER SECTION ;; id = 40430 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 7 arcount = 9 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (7 records) gov. 172800 IN NS a.gov-servers.net. gov. 172800 IN NS b.gov-servers.net. gov. 172800 IN NS c.gov-servers.net. gov. 172800 IN NS d.gov-servers.net. gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20231007050000 20230924040000 11019 . tTg+S05iF6tYI24Bs0KpnTfZUrJRHfORGjX4O1p8LMJ5WY19q4RUSt0ffmvXevhckeu0dqffzgpH 8u/NC1op8S0O+OP3KvPpmARx6H3BVKeRWp+q+nwtz6kseqIg3ukiVAksmxACElnqHwwSTpK4ku5V H48TesoBva54U1V2MhS1iD8gUEStt8s1aD+mdd/oVQ3Wvd1c5dHU9oteSwzZQfOsyFAmThi7fjCl 8la+1DGXtmVQ2sVvpSaJJrIF90rzGKyxKGCrz3ffqxSRTOIT96+MgKTmXN+8QmDyD/ACJAe1zmGD ZuRj3FL7ul0X9Kfv6fM6zGQNf4d/m8+ZiKz3nw== ) ;; ADDITIONAL SECTION (9 records) a.gov-servers.net. 172800 IN A 69.36.157.30 a.gov-servers.net. 172800 IN AAAA 2001:500:4431::2:30 b.gov-servers.net. 172800 IN A 209.112.123.30 b.gov-servers.net. 172800 IN AAAA 2620:74:27::2:30 c.gov-servers.net. 172800 IN A 69.36.153.30 c.gov-servers.net. 172800 IN AAAA 2620:74:28::2:30 d.gov-servers.net. 172800 IN A 81.19.194.30 d.gov-servers.net. 172800 IN AAAA 2620:74:29::2:30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found child zone gov

gov

	Checking DS between . and gov
	Query to l.root-servers.net for gov/DS
	Received 415 bytes from 199.7.83.42
	;; Response received from 199.7.83.42 (415 octets) ;; HEADER SECTION ;; id = 11817 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (3 records) gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 ) gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20231007050000 20230924040000 11019 . tTg+S05iF6tYI24Bs0KpnTfZUrJRHfORGjX4O1p8LMJ5WY19q4RUSt0ffmvXevhckeu0dqffzgpH 8u/NC1op8S0O+OP3KvPpmARx6H3BVKeRWp+q+nwtz6kseqIg3ukiVAksmxACElnqHwwSTpK4ku5V H48TesoBva54U1V2MhS1iD8gUEStt8s1aD+mdd/oVQ3Wvd1c5dHU9oteSwzZQfOsyFAmThi7fjCl 8la+1DGXtmVQ2sVvpSaJJrIF90rzGKyxKGCrz3ffqxSRTOIT96+MgKTmXN+8QmDyD/ACJAe1zmGD ZuRj3FL7ul0X9Kfv6fM6zGQNf4d/m8+ZiKz3nw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DS records for gov in the . zone
	DS=7698/SHA-256 has algorithm RSASHA256
	DS=64280/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20231007050000 20230924040000 11019 . tTg+S05iF6tYI24Bs0KpnTfZUrJRHfORGjX4O1p8LMJ5WY19q4RUSt0ffmvXevhckeu0dqffzgpH 8u/NC1op8S0O+OP3KvPpmARx6H3BVKeRWp+q+nwtz6kseqIg3ukiVAksmxACElnqHwwSTpK4ku5V H48TesoBva54U1V2MhS1iD8gUEStt8s1aD+mdd/oVQ3Wvd1c5dHU9oteSwzZQfOsyFAmThi7fjCl 8la+1DGXtmVQ2sVvpSaJJrIF90rzGKyxKGCrz3ffqxSRTOIT96+MgKTmXN+8QmDyD/ACJAe1zmGD ZuRj3FL7ul0X9Kfv6fM6zGQNf4d/m8+ZiKz3nw== )`
	RRSIG=11019 and DNSKEY=11019 verifies the DS RRset
	DS=7698/SHA-256 is now in the chain-of-trust
	DS=64280/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 7698 8 2 6bc949e638442ead0bdaf0935763c8d003760384ff15ebbd5ce86bb5559561f0 )`
	`gov. 86400 IN DS ( 64280 8 2 d66cdda12234c22c5e6fd1c894dbd682fe7967e111793485a281972bfb164377 )`
	Query to a.gov-servers.net for gov/DNSKEY
	Received 1233 bytes from 69.36.157.30
	;; Response received from 69.36.157.30 (1233 octets) ;; HEADER SECTION ;; id = 49096 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 5 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (5 records) gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698 gov. 86400 IN DNSKEY ( 257 3 8 AwEAAZp0vliR0TOBCJXmdagY36BI5ZveSPE3OSrcXKDs8IZa86x1+gwbheJcfLB6Fw6cWYUXaNgA mFcbxqIqWc5VJSyPS9yCPdEOLEIiegwCmcWnNsEyc0snKTyypXnvJ5JNhoznpFILDqlksAqP/aiq 1/l0w8TMkRbRrViLrJ1ayaScZ0nn/ge5wNpX09T9RI+gF1OIMJDdgH1vi0a+t6smSy4pUrerFTsu y8JAL+PP85MZiOssT9yoERfWSjFKde6PrQX5vj090AxT+hztb+q2EFXnF1a2L73/3UarB19k5NR3 MT1uM7ddag64Q0lg3aTy3MglDCzP7/StUxdeyL5qIX8= ) ; Key ID = 64280 gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcbYvlY667qXEzHsDTkft9cgKy5F0S9CAP+aFK9+sJumGqvpMaOyOzsilJ+OSVFhopJ1aRFp CUpLVIcVJ3E3YATGpzB45M0D5c4oJ0RjEIUakBwcPghmSW8K1GPqj/eUs4fbVPytXwtwvUll9Lxf gUvi5DA6xD6d2ckwDyRxfcMhXYydr2hIsgfrBLmRDMi4BkxMvA23eShPd/tPvnR0gJk= ) ; Key ID = 10104 gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcvA+2gDUzQ8CrZNef0l31+89Y1gUM8rPtvpC9E3HNsYoOxe3r0NVuWjafg5zXzkRnHhw0L9 nBIQH8cqEeFKg3bJx2i8dj4N9YXmmhkLHuE0JJ9+JrZQpWRY9AQPsG3l2RLnL6Vato0IIweFWF+7 oWVM0xMoB6wjI0XTB+tO1x3a/wuGs7cTPBM4RzvKqsY36/bICi+QNVIesASaGNrFqs0= ) ; Key ID = 40921 gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20231008040000 20230923035500 7698 gov. ZwUS8pkBdeVIiXrdTNAFO7hm3WBpzd5rmcMSg3ewi7Z7Gb6jjyqePCEVUOzrTZzY+CRSknDVQQc7 QAHTkqPG6pvFDWxDkEgBMAU33rSxxussGS6IROb6Pz/REaEHbxsdYmIdfk/HhDNj9v2XQlK4/O7g iIVqwiTlwTBRyryqKZYVBgXCvIWd5wWVPAz5ncDjgrelVa3WlsKK9R9wdMrIWpBO8hkZl8b/nUiO P66iKOJ/u08cZ3hJFvyGNMBBG8hdydVlTcebkU20eeEfI4ajEuzPUKhV7sEOvD4CXSbQaChutrFP ZaCgmk85dtnzdxBQqyeLstU7LY0KOFw/Iwz2fw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 4 DNSKEY records for gov
	`gov. 86400 IN DNSKEY ( 257 3 8 AQO8daaz7B+yshOfL60rytKd9aOSujgponEw3fwBMEC3/+e9XzHw2k+VKnbJTZ+QaVtpfUd1q9HK ZIv/ck83Gl5TjYKE5jtUZ2kpEDZfVNGv6yx0smtWAXv1nCJS9ohnyOTd397eMojGDHqkEC+uojES cZheEkMxzgCZwDAs+/CSU7mSuHtCRZn19xlZUd5Gv7yDQ3mbOUwuy30oSk0z1Q5UUPpoihOugIZH FX6Jk7NLiW2wlqfq9qhV4zj7TiBiJY0mCc4zHN8/aq2VKDHp2Na7mWzvKyTy+SYQkBQ/08LbPwj9 YMc+uCzKL6sU/ObHv17EFhD8aPDftTHZvV9L+OZr ) ; Key ID = 7698`
	`gov. 86400 IN DNSKEY ( 257 3 8 AwEAAZp0vliR0TOBCJXmdagY36BI5ZveSPE3OSrcXKDs8IZa86x1+gwbheJcfLB6Fw6cWYUXaNgA mFcbxqIqWc5VJSyPS9yCPdEOLEIiegwCmcWnNsEyc0snKTyypXnvJ5JNhoznpFILDqlksAqP/aiq 1/l0w8TMkRbRrViLrJ1ayaScZ0nn/ge5wNpX09T9RI+gF1OIMJDdgH1vi0a+t6smSy4pUrerFTsu y8JAL+PP85MZiOssT9yoERfWSjFKde6PrQX5vj090AxT+hztb+q2EFXnF1a2L73/3UarB19k5NR3 MT1uM7ddag64Q0lg3aTy3MglDCzP7/StUxdeyL5qIX8= ) ; Key ID = 64280`
	`gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcbYvlY667qXEzHsDTkft9cgKy5F0S9CAP+aFK9+sJumGqvpMaOyOzsilJ+OSVFhopJ1aRFp CUpLVIcVJ3E3YATGpzB45M0D5c4oJ0RjEIUakBwcPghmSW8K1GPqj/eUs4fbVPytXwtwvUll9Lxf gUvi5DA6xD6d2ckwDyRxfcMhXYydr2hIsgfrBLmRDMi4BkxMvA23eShPd/tPvnR0gJk= ) ; Key ID = 10104`
	`gov. 86400 IN DNSKEY ( 256 3 8 AwEAAcvA+2gDUzQ8CrZNef0l31+89Y1gUM8rPtvpC9E3HNsYoOxe3r0NVuWjafg5zXzkRnHhw0L9 nBIQH8cqEeFKg3bJx2i8dj4N9YXmmhkLHuE0JJ9+JrZQpWRY9AQPsG3l2RLnL6Vato0IIweFWF+7 oWVM0xMoB6wjI0XTB+tO1x3a/wuGs7cTPBM4RzvKqsY36/bICi+QNVIesASaGNrFqs0= ) ; Key ID = 40921`
	DNSKEY=7698/SEP is now in the chain-of-trust
	DS=7698/SHA-256 verifies DNSKEY=7698/SEP
	DNSKEY=64280/SEP is now in the chain-of-trust
	DS=64280/SHA-256 verifies DNSKEY=64280/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 86400 IN RRSIG ( DNSKEY 8 1 86400 20231008040000 20230923035500 7698 gov. ZwUS8pkBdeVIiXrdTNAFO7hm3WBpzd5rmcMSg3ewi7Z7Gb6jjyqePCEVUOzrTZzY+CRSknDVQQc7 QAHTkqPG6pvFDWxDkEgBMAU33rSxxussGS6IROb6Pz/REaEHbxsdYmIdfk/HhDNj9v2XQlK4/O7g iIVqwiTlwTBRyryqKZYVBgXCvIWd5wWVPAz5ncDjgrelVa3WlsKK9R9wdMrIWpBO8hkZl8b/nUiO P66iKOJ/u08cZ3hJFvyGNMBBG8hdydVlTcebkU20eeEfI4ajEuzPUKhV7sEOvD4CXSbQaChutrFP ZaCgmk85dtnzdxBQqyeLstU7LY0KOFw/Iwz2fw== )`
	RRSIG=7698 and DNSKEY=7698/SEP verifies the DNSKEY RRset
	DNSKEY=10104 is now in the chain-of-trust
	DNSKEY=40921 is now in the chain-of-trust
	Query to a.gov-servers.net for cfpb.gov/A
	Received 383 bytes from 69.36.157.30
	;; Response received from 69.36.157.30 (383 octets) ;; HEADER SECTION ;; id = 48499 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 5 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (5 records) cfpb.gov. 86400 IN NS sauthns1.qwest.net. cfpb.gov. 86400 IN NS sauthns2.qwest.net. cfpb.gov. 3600 IN DS ( 31188 7 2 9155c3050a3252683182939dce277a6b9a318c5d20cce24c79ef7ce255add375 ) cfpb.gov. 3600 IN DS ( 27603 7 2 a3eb1dbfb78f0aad8491195b6a5af5a27ff71ca7d0425a0ca405d8cb0374fcab ) cfpb.gov. 3600 IN RRSIG ( DS 8 2 3600 20231001074011 20230924074011 40921 gov. plsHaKKpM2wcJDj580R+XXCizp2v3jxJdt8UzG99LEJFUtfhmFa6BDRiH6UHrkmNWndEKsD0X0BO WU6c8IHInKsSKfqllFqwhHk8hbZHovih9yTnl/KB0g4MVARXuXqSpLeug+zIILtyOj2dgkdpgM+X TaDFFSgWMZLuCu9WDik/MsQTy8BbIkKOPja5CbXUsMAc9uEPS10Gv1fTTaNi7Q== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to b.gov-servers.net for cfpb.gov/DNSKEY
	Received 383 bytes from 209.112.123.30
	;; Response received from 209.112.123.30 (383 octets) ;; HEADER SECTION ;; id = 23051 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 5 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (5 records) cfpb.gov. 86400 IN NS sauthns1.qwest.net. cfpb.gov. 86400 IN NS sauthns2.qwest.net. cfpb.gov. 3600 IN DS ( 31188 7 2 9155c3050a3252683182939dce277a6b9a318c5d20cce24c79ef7ce255add375 ) cfpb.gov. 3600 IN DS ( 27603 7 2 a3eb1dbfb78f0aad8491195b6a5af5a27ff71ca7d0425a0ca405d8cb0374fcab ) cfpb.gov. 3600 IN RRSIG ( DS 8 2 3600 20231001074011 20230924074011 40921 gov. plsHaKKpM2wcJDj580R+XXCizp2v3jxJdt8UzG99LEJFUtfhmFa6BDRiH6UHrkmNWndEKsD0X0BO WU6c8IHInKsSKfqllFqwhHk8hbZHovih9yTnl/KB0g4MVARXuXqSpLeug+zIILtyOj2dgkdpgM+X TaDFFSgWMZLuCu9WDik/MsQTy8BbIkKOPja5CbXUsMAc9uEPS10Gv1fTTaNi7Q== ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone cfpb.gov

cfpb.gov

	Checking DS between gov and cfpb.gov
	Query to a.gov-servers.net for cfpb.gov/DS
	Received 328 bytes from 69.36.157.30
	;; Response received from 69.36.157.30 (328 octets) ;; HEADER SECTION ;; id = 64483 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN DS ;; ANSWER SECTION (3 records) cfpb.gov. 3600 IN DS ( 31188 7 2 9155c3050a3252683182939dce277a6b9a318c5d20cce24c79ef7ce255add375 ) cfpb.gov. 3600 IN DS ( 27603 7 2 a3eb1dbfb78f0aad8491195b6a5af5a27ff71ca7d0425a0ca405d8cb0374fcab ) cfpb.gov. 3600 IN RRSIG ( DS 8 2 3600 20231001074011 20230924074011 40921 gov. plsHaKKpM2wcJDj580R+XXCizp2v3jxJdt8UzG99LEJFUtfhmFa6BDRiH6UHrkmNWndEKsD0X0BO WU6c8IHInKsSKfqllFqwhHk8hbZHovih9yTnl/KB0g4MVARXuXqSpLeug+zIILtyOj2dgkdpgM+X TaDFFSgWMZLuCu9WDik/MsQTy8BbIkKOPja5CbXUsMAc9uEPS10Gv1fTTaNi7Q== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DS records for cfpb.gov in the gov zone
	DS=31188/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	DS=27603/SHA-256 has algorithm RSASHA1-NSEC3-SHA1
	Found 1 RRSIGs over DS RRset
	`cfpb.gov. 3600 IN RRSIG ( DS 8 2 3600 20231001074011 20230924074011 40921 gov. plsHaKKpM2wcJDj580R+XXCizp2v3jxJdt8UzG99LEJFUtfhmFa6BDRiH6UHrkmNWndEKsD0X0BO WU6c8IHInKsSKfqllFqwhHk8hbZHovih9yTnl/KB0g4MVARXuXqSpLeug+zIILtyOj2dgkdpgM+X TaDFFSgWMZLuCu9WDik/MsQTy8BbIkKOPja5CbXUsMAc9uEPS10Gv1fTTaNi7Q== )`
	RRSIG=40921 and DNSKEY=40921 verifies the DS RRset
	DS=31188/SHA-256 is now in the chain-of-trust
	DS=27603/SHA-256 is now in the chain-of-trust
	`cfpb.gov. 3600 IN DS ( 31188 7 2 9155c3050a3252683182939dce277a6b9a318c5d20cce24c79ef7ce255add375 )`
	`cfpb.gov. 3600 IN DS ( 27603 7 2 a3eb1dbfb78f0aad8491195b6a5af5a27ff71ca7d0425a0ca405d8cb0374fcab )`
	Query to sauthns2.qwest.net for cfpb.gov/DNSKEY
	Received 1349 bytes from 208.44.130.121
	;; Response received from 208.44.130.121 (1349 octets) ;; HEADER SECTION ;; id = 13867 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 6 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN DNSKEY ;; ANSWER SECTION (6 records) cfpb.gov. 86400 IN DNSKEY ( 257 3 7 AwEAAcdhjFlnADdw5jVZjUCWxqaaIsgYb9TMwlsuu4Q65zn4PZaba0aPukbMyojc6XRRMFEWWH7R 5I35GCQk8+bIMUF6tU3AdlbFpFSeURUOy2Q0QPhbf4gXATOVePU/JxTcP9YEH3g61X4Rq1HtHWxv X20oSNAZGS6YLgdD1KUf+B+j2RU07YOIU5lr7LIOdA2zTBIHkqRWYDSDSu3Vd1HStNGUruElFm8y mNC0wxQ8IOorsrznPdAv42pEqYGMNbNFDA8c5K5uw2X0QGhBStpXK8P3jHyVMZhDMF95oBXEZBKr itaarDqx04AWO3UVzWcS8d4vcB1iD+MRKq3U94+dNSE= ) ; Key ID = 27603 cfpb.gov. 86400 IN DNSKEY ( 256 3 7 AwEAAZtjKNy0eUB49espAUtLYlW4aF24HL90G5/0F6fLpF8GFOGn8rVKBxgWU7iCQ24RVzw+KMTZ EQBzV6ah4uByo7AuqHPa9qJntc8fQEhNj3mCD4SQW8gqtmGawsO9IjlNFcPiEbwyGAMnAc/rI0lM HqrdhEd/3wV24dw6DlCDzCFX ) ; Key ID = 40193 cfpb.gov. 86400 IN DNSKEY ( 257 3 7 AwEAAckYBSEM5Eyk89leur21Cckh9K8YJV3mtDTZi35rYQK9I1B5ZFHlvbG1tPyIJB6ywEgmGLb/ QxJBuxqX+2yojMpxNfUCh13yaRqhGQHCbITb+HCgeYKuP2l7cMoFLRVj/QCIQw/3dZ8uS7K5oWiw kN/V4sWqAAcolZdWX9p0mvAMELh6dZAtIPpIJWwlBwC5vPSxVMubZ1koSJXNqfzSMP0TKN2aLb8Q h0JTN6hqczBU3jJ7vWeuDbjCO1RoLhRIiPhD4WZAmMZOhoSU0rokRcnvaUCstXlgMibmvKbaO0ih geWXPnyfdMq5iPmA/H1ZxjNqUec0AafTdu9I08RGlok= ) ; Key ID = 31188 cfpb.gov. 86400 IN DNSKEY ( 256 3 7 AwEAAe3bRgFADX3qod7B23fSF1H5b9huE4WTRD+HsSwdW89b4rMKpg9UQTBv9Juh7TOWmWOQtZok HCggW/tWzSX0wRQ03vlnCLw4ef9APAyFv5JT+XkirfJbxKt5xmoBWWXeBV101gXBGCQ6fyik/BqM 3JEhZpjZIwyNYxGJvKsRJhj9 ) ; Key ID = 22175 cfpb.gov. 86400 IN RRSIG ( DNSKEY 7 2 86400 20231001030051 20230924020051 31188 cfpb.gov. r5wH7PUGPUdrEzqZAbr3ER7ooEDkCCQxjz22aghJZ+URoxKBFVP+DYXStZCRp7iNWxYN3KanRCBY 4fu2sk/m1cadyI7g8GFA1WgvuZJ4YaqxO4WYG+0PKwJdLHdErC308TkilS0QWCxRuE8NNdwtNUhr 4NwJwAqV4rUcpo8Z9N3I2wDS8sevSSC+VwXm3VBM+Wty/ZvMtXg6lysKSweE3htTB1njDKht9zF0 hqTjdWsP03aJXlmIHqSbAYSe7FUMPyySqqTX2Z0yc/5KYUbzyhNhgKWr4aeoF4o20hMqCk0OsxE2 +j9GVZ2gmWd+WKqK1hz6irZERqPDlPnEVulo0A== ) cfpb.gov. 86400 IN RRSIG ( DNSKEY 7 2 86400 20231001030051 20230924020051 40193 cfpb.gov. RWF+F1wV3FroXDq/YouQBfrT385OdeoRK9XITJtxGaYEwZOokysEM1z1D52x/lia6F7Nk1e52yUw uVIypfVitvUhGNsTvxr5Zc7IVz/UdHN/JFjdy4qqWZbS6vsDWQZHuo0xFPu3QD/fnroMYqzd878T D3Ste4R9u6/5xfy4v4A= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 4 DNSKEY records for cfpb.gov
	`cfpb.gov. 86400 IN DNSKEY ( 257 3 7 AwEAAcdhjFlnADdw5jVZjUCWxqaaIsgYb9TMwlsuu4Q65zn4PZaba0aPukbMyojc6XRRMFEWWH7R 5I35GCQk8+bIMUF6tU3AdlbFpFSeURUOy2Q0QPhbf4gXATOVePU/JxTcP9YEH3g61X4Rq1HtHWxv X20oSNAZGS6YLgdD1KUf+B+j2RU07YOIU5lr7LIOdA2zTBIHkqRWYDSDSu3Vd1HStNGUruElFm8y mNC0wxQ8IOorsrznPdAv42pEqYGMNbNFDA8c5K5uw2X0QGhBStpXK8P3jHyVMZhDMF95oBXEZBKr itaarDqx04AWO3UVzWcS8d4vcB1iD+MRKq3U94+dNSE= ) ; Key ID = 27603`
	`cfpb.gov. 86400 IN DNSKEY ( 256 3 7 AwEAAZtjKNy0eUB49espAUtLYlW4aF24HL90G5/0F6fLpF8GFOGn8rVKBxgWU7iCQ24RVzw+KMTZ EQBzV6ah4uByo7AuqHPa9qJntc8fQEhNj3mCD4SQW8gqtmGawsO9IjlNFcPiEbwyGAMnAc/rI0lM HqrdhEd/3wV24dw6DlCDzCFX ) ; Key ID = 40193`
	`cfpb.gov. 86400 IN DNSKEY ( 257 3 7 AwEAAckYBSEM5Eyk89leur21Cckh9K8YJV3mtDTZi35rYQK9I1B5ZFHlvbG1tPyIJB6ywEgmGLb/ QxJBuxqX+2yojMpxNfUCh13yaRqhGQHCbITb+HCgeYKuP2l7cMoFLRVj/QCIQw/3dZ8uS7K5oWiw kN/V4sWqAAcolZdWX9p0mvAMELh6dZAtIPpIJWwlBwC5vPSxVMubZ1koSJXNqfzSMP0TKN2aLb8Q h0JTN6hqczBU3jJ7vWeuDbjCO1RoLhRIiPhD4WZAmMZOhoSU0rokRcnvaUCstXlgMibmvKbaO0ih geWXPnyfdMq5iPmA/H1ZxjNqUec0AafTdu9I08RGlok= ) ; Key ID = 31188`
	`cfpb.gov. 86400 IN DNSKEY ( 256 3 7 AwEAAe3bRgFADX3qod7B23fSF1H5b9huE4WTRD+HsSwdW89b4rMKpg9UQTBv9Juh7TOWmWOQtZok HCggW/tWzSX0wRQ03vlnCLw4ef9APAyFv5JT+XkirfJbxKt5xmoBWWXeBV101gXBGCQ6fyik/BqM 3JEhZpjZIwyNYxGJvKsRJhj9 ) ; Key ID = 22175`
	DNSKEY=27603/SEP is now in the chain-of-trust
	DS=27603/SHA-256 verifies DNSKEY=27603/SEP
	DNSKEY=31188/SEP is now in the chain-of-trust
	DS=31188/SHA-256 verifies DNSKEY=31188/SEP
	Found 2 RRSIGs over DNSKEY RRset
	`cfpb.gov. 86400 IN RRSIG ( DNSKEY 7 2 86400 20231001030051 20230924020051 31188 cfpb.gov. r5wH7PUGPUdrEzqZAbr3ER7ooEDkCCQxjz22aghJZ+URoxKBFVP+DYXStZCRp7iNWxYN3KanRCBY 4fu2sk/m1cadyI7g8GFA1WgvuZJ4YaqxO4WYG+0PKwJdLHdErC308TkilS0QWCxRuE8NNdwtNUhr 4NwJwAqV4rUcpo8Z9N3I2wDS8sevSSC+VwXm3VBM+Wty/ZvMtXg6lysKSweE3htTB1njDKht9zF0 hqTjdWsP03aJXlmIHqSbAYSe7FUMPyySqqTX2Z0yc/5KYUbzyhNhgKWr4aeoF4o20hMqCk0OsxE2 +j9GVZ2gmWd+WKqK1hz6irZERqPDlPnEVulo0A== )`
	`cfpb.gov. 86400 IN RRSIG ( DNSKEY 7 2 86400 20231001030051 20230924020051 40193 cfpb.gov. RWF+F1wV3FroXDq/YouQBfrT385OdeoRK9XITJtxGaYEwZOokysEM1z1D52x/lia6F7Nk1e52yUw uVIypfVitvUhGNsTvxr5Zc7IVz/UdHN/JFjdy4qqWZbS6vsDWQZHuo0xFPu3QD/fnroMYqzd878T D3Ste4R9u6/5xfy4v4A= )`
	RRSIG=31188 and DNSKEY=31188/SEP verifies the DNSKEY RRset
	RRSIG=40193 and DNSKEY=40193 verifies the DNSKEY RRset
	DNSKEY=40193 is now in the chain-of-trust
	DNSKEY=22175 is now in the chain-of-trust
	Query to sauthns2.qwest.net for cfpb.gov/A
	Received 444 bytes from 208.44.130.121
	;; Response received from 208.44.130.121 (444 octets) ;; HEADER SECTION ;; id = 16341 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 3 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 120 IN A 52.21.11.213 cfpb.gov. 120 IN RRSIG ( A 7 2 120 20231001030051 20230924020051 40193 cfpb.gov. Oe69J6bUrPwullkVRQ+weD0S3Y5jhOKdV1KmX+OsxTthsdi35GocMLM+5wnEvwVIVBiu063IbOCp Dz2o8saRtPRsz+i5g2C06oBDKiinnPhRZIeFWCJd0UMkCZdsJQdeiIn6c7WngFJhdm3znfOGX329 t8usSwm/W0LsrnNiHA4= ) ;; AUTHORITY SECTION (3 records) cfpb.gov. 900 IN NS sauthns2.qwest.net. cfpb.gov. 900 IN NS sauthns1.qwest.net. cfpb.gov. 900 IN RRSIG ( NS 7 2 900 20231001030051 20230924020051 40193 cfpb.gov. FV8HgjXSwcNN/LmdyiAhNDKsH7BcBu+3sZg7TY0/LrP62hP71LHPFKRra0YQH2tzIQIOs5is7bmO 4ADpeJQf/nVenthdeXdSNPDNIhyMWZzR0/i49PnLzLmCXF0o2SD2JEy37f88qqN06VZgwaO2ARBa A+2xE+xuWK2iBhi6GIA= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	sauthns2.qwest.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to sauthns1.qwest.net for cfpb.gov/SOA
	Received 483 bytes from 63.150.72.5
	;; Response received from 63.150.72.5 (483 octets) ;; HEADER SECTION ;; id = 38566 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 3 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN SOA ;; ANSWER SECTION (2 records) cfpb.gov. 86400 IN SOA ( sauthns2.qwest.net. abuse.aup.lumen.com. 2230922006 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 300 ;minimum ) cfpb.gov. 86400 IN RRSIG ( SOA 7 2 86400 20231001030051 20230924020051 40193 cfpb.gov. EjgZYJV9Ej2ogONGbjMuvrU0qC/rJECwPp5jWzuk+zK652mThC2Z4mpaI8RDLpHWpirbt3p0Fdop IdycolIHPccAVGjkMWlQHmAgilbq6WKUkoIlTmjeFOGWz/6SZ2OfOXLkEJqGKkdMpgu0jHZKXvcC oBvf1FoxdPWYrxqhGvE= ) ;; AUTHORITY SECTION (3 records) cfpb.gov. 900 IN NS sauthns2.qwest.net. cfpb.gov. 900 IN NS sauthns1.qwest.net. cfpb.gov. 900 IN RRSIG ( NS 7 2 900 20231001030051 20230924020051 40193 cfpb.gov. FV8HgjXSwcNN/LmdyiAhNDKsH7BcBu+3sZg7TY0/LrP62hP71LHPFKRra0YQH2tzIQIOs5is7bmO 4ADpeJQf/nVenthdeXdSNPDNIhyMWZzR0/i49PnLzLmCXF0o2SD2JEy37f88qqN06VZgwaO2ARBa A+2xE+xuWK2iBhi6GIA= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to sauthns2.qwest.net for cfpb.gov/A
	Received 444 bytes from 208.44.130.121
	;; Response received from 208.44.130.121 (444 octets) ;; HEADER SECTION ;; id = 57998 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 3 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 120 IN A 52.21.11.213 cfpb.gov. 120 IN RRSIG ( A 7 2 120 20231001030051 20230924020051 40193 cfpb.gov. Oe69J6bUrPwullkVRQ+weD0S3Y5jhOKdV1KmX+OsxTthsdi35GocMLM+5wnEvwVIVBiu063IbOCp Dz2o8saRtPRsz+i5g2C06oBDKiinnPhRZIeFWCJd0UMkCZdsJQdeiIn6c7WngFJhdm3znfOGX329 t8usSwm/W0LsrnNiHA4= ) ;; AUTHORITY SECTION (3 records) cfpb.gov. 900 IN NS sauthns2.qwest.net. cfpb.gov. 900 IN NS sauthns1.qwest.net. cfpb.gov. 900 IN RRSIG ( NS 7 2 900 20231001030051 20230924020051 40193 cfpb.gov. FV8HgjXSwcNN/LmdyiAhNDKsH7BcBu+3sZg7TY0/LrP62hP71LHPFKRra0YQH2tzIQIOs5is7bmO 4ADpeJQf/nVenthdeXdSNPDNIhyMWZzR0/i49PnLzLmCXF0o2SD2JEy37f88qqN06VZgwaO2ARBa A+2xE+xuWK2iBhi6GIA= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	cfpb.gov A RR has value 52.21.11.213
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 120 IN RRSIG ( A 7 2 120 20231001030051 20230924020051 40193 cfpb.gov. Oe69J6bUrPwullkVRQ+weD0S3Y5jhOKdV1KmX+OsxTthsdi35GocMLM+5wnEvwVIVBiu063IbOCp Dz2o8saRtPRsz+i5g2C06oBDKiinnPhRZIeFWCJd0UMkCZdsJQdeiIn6c7WngFJhdm3znfOGX329 t8usSwm/W0LsrnNiHA4= )`
	RRSIG=40193 and DNSKEY=40193 verifies the A RRset

cfpb.gov

	Query to sauthns1.qwest.net for cfpb.gov/A
	Received 444 bytes from 63.150.72.5
	;; Response received from 63.150.72.5 (444 octets) ;; HEADER SECTION ;; id = 28334 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 3 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 120 IN A 52.21.11.213 cfpb.gov. 120 IN RRSIG ( A 7 2 120 20231001030051 20230924020051 40193 cfpb.gov. Oe69J6bUrPwullkVRQ+weD0S3Y5jhOKdV1KmX+OsxTthsdi35GocMLM+5wnEvwVIVBiu063IbOCp Dz2o8saRtPRsz+i5g2C06oBDKiinnPhRZIeFWCJd0UMkCZdsJQdeiIn6c7WngFJhdm3znfOGX329 t8usSwm/W0LsrnNiHA4= ) ;; AUTHORITY SECTION (3 records) cfpb.gov. 900 IN NS sauthns2.qwest.net. cfpb.gov. 900 IN NS sauthns1.qwest.net. cfpb.gov. 900 IN RRSIG ( NS 7 2 900 20231001030051 20230924020051 40193 cfpb.gov. FV8HgjXSwcNN/LmdyiAhNDKsH7BcBu+3sZg7TY0/LrP62hP71LHPFKRra0YQH2tzIQIOs5is7bmO 4ADpeJQf/nVenthdeXdSNPDNIhyMWZzR0/i49PnLzLmCXF0o2SD2JEy37f88qqN06VZgwaO2ARBa A+2xE+xuWK2iBhi6GIA= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	sauthns1.qwest.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to sauthns1.qwest.net for cfpb.gov/A
	Received 444 bytes from 63.150.72.5
	;; Response received from 63.150.72.5 (444 octets) ;; HEADER SECTION ;; id = 14817 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 3 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 120 IN A 52.21.11.213 cfpb.gov. 120 IN RRSIG ( A 7 2 120 20231001030051 20230924020051 40193 cfpb.gov. Oe69J6bUrPwullkVRQ+weD0S3Y5jhOKdV1KmX+OsxTthsdi35GocMLM+5wnEvwVIVBiu063IbOCp Dz2o8saRtPRsz+i5g2C06oBDKiinnPhRZIeFWCJd0UMkCZdsJQdeiIn6c7WngFJhdm3znfOGX329 t8usSwm/W0LsrnNiHA4= ) ;; AUTHORITY SECTION (3 records) cfpb.gov. 900 IN NS sauthns2.qwest.net. cfpb.gov. 900 IN NS sauthns1.qwest.net. cfpb.gov. 900 IN RRSIG ( NS 7 2 900 20231001030051 20230924020051 40193 cfpb.gov. FV8HgjXSwcNN/LmdyiAhNDKsH7BcBu+3sZg7TY0/LrP62hP71LHPFKRra0YQH2tzIQIOs5is7bmO 4ADpeJQf/nVenthdeXdSNPDNIhyMWZzR0/i49PnLzLmCXF0o2SD2JEy37f88qqN06VZgwaO2ARBa A+2xE+xuWK2iBhi6GIA= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	cfpb.gov A RR has value 52.21.11.213
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 120 IN RRSIG ( A 7 2 120 20231001030051 20230924020051 40193 cfpb.gov. Oe69J6bUrPwullkVRQ+weD0S3Y5jhOKdV1KmX+OsxTthsdi35GocMLM+5wnEvwVIVBiu063IbOCp Dz2o8saRtPRsz+i5g2C06oBDKiinnPhRZIeFWCJd0UMkCZdsJQdeiIn6c7WngFJhdm3znfOGX329 t8usSwm/W0LsrnNiHA4= )`
	RRSIG=40193 and DNSKEY=40193 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test cfpb.gov at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: