DNSSEC Debugger - cfpb.gov

Back to Verisign Labs Tools

Domain Name:

Detail: more(+) / less(-)

Time: 2026-04-17 09:51:13 UTC

Analyzing DNSSEC problems for cfpb.gov

DS=20326/SHA-256 is now in the chain-of-trust

DS=38696/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	`. IN DS ( 38696 8 2 683d2d0acb8c9b712a1948b27f741219298d0a450d612c483af444a4c0fb2b16 )`
	Query to b.root-servers.net for ./DNSKEY
	Received 1139 bytes from 170.247.170.2
	;; Response received from [170.247.170.2] 1139 octets ;; HEADER SECTION ;; id = 54945 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20260502000000 20260411000000 20326 . ldfPZ7Q9Ca8GfxnsJcPAMMy9Dt1qfL2guvByLtN9kRcMMn8g3ukazjrv5Bj/KOLEXV++Zp8g8UpL /80NUKP4ZA1Yq3gmEE2hyEG7M964fUrTaB9w9leATi8UK176zklnB7trP81yL6TIZmaCImUMWVkU n8uGeIJUaVz2XpboM5PGo2gEQH2mVAavFammRoDbj4gnMJvXgOMIZtLIIGcOaxuY5sFQo1MDQnoQ OYMAHVqdUu4Ld+Jq29ktutAXUK6hobUBss0me2y+xlu3fmZ5JiKSJOPDiBQBqjUAhueBKEZpamt/ gr8NtHLe0QLKs2h3XhsGNHE7Ksr3WwiCCFHP0A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAb5dDYffpgAJ8VUGLwQtWXPlQWsjIFJtCM00/XaKU+8ln+ofah3q2KxEIjvzQg+nqdxRj+8e mtPne1mtYcbFWP4Q9E+DniOJLK09R05FuzvGbrG7DDdRDUX/cedFdV7O8pFEAYpJqYNR9BCTIAV9 73DO2biauKSA31b7I2lK/woxoR1tf5cqJ4SMbJUviuHicAEoUi2ATswloZNWd5T5thmEFZnxFx7D 5UgKCY7oflS7+GU7dNJwEtmFnWYVETHN0kHXVz6aguouaAZp706YXNIoR/iTgQhmsR7XX+wL0Z8Q M2LxQIyU6vRZ06IyuJMGRMiwkSuGElbumyBt12JZbrU= ) ; keytag 54393`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	DNSKEY=38696/SEP is now in the chain-of-trust
	DS=38696/SHA-256 verifies DNSKEY=38696/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20260502000000 20260411000000 20326 . ldfPZ7Q9Ca8GfxnsJcPAMMy9Dt1qfL2guvByLtN9kRcMMn8g3ukazjrv5Bj/KOLEXV++Zp8g8UpL /80NUKP4ZA1Yq3gmEE2hyEG7M964fUrTaB9w9leATi8UK176zklnB7trP81yL6TIZmaCImUMWVkU n8uGeIJUaVz2XpboM5PGo2gEQH2mVAavFammRoDbj4gnMJvXgOMIZtLIIGcOaxuY5sFQo1MDQnoQ OYMAHVqdUu4Ld+Jq29ktutAXUK6hobUBss0me2y+xlu3fmZ5JiKSJOPDiBQBqjUAhueBKEZpamt/ gr8NtHLe0QLKs2h3XhsGNHE7Ksr3WwiCCFHP0A== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=54393 is now in the chain-of-trust
	Query to f.root-servers.net for cfpb.gov/A
	Received 615 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 615 octets ;; HEADER SECTION ;; id = 65146 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260430050000 20260417040000 54393 . njftKBi/siYeyqj8qinHcA8BR5KW+KFh4hWa/QxMpZnKNL9kbI5qB/Kp74HxW+BBEV5RM3qb8iyH 91dkwwlaHBacM14ref7unsY9/6g8p+QyafNgbPp7z1HULHOnqpA2XvzkWIpkqKTBAi0w+124IrjH bNairvFK6pTL6nYAK5SFwN+SfO3RTj+ltNhKvVr/rPgauYzGGdJc7RIEKerRIbbJ61tp1jIsZZmP Asm4saTNvKLc/aGsCG4P1/DzsdW4EfQaHpYQ3EvXjRGZhF/b/OyJbqFmR7vtklUM6kFUWdB5aLB2 hEziIWzKnhE5s0e9um74GiEjn8KdZPPut/6u5Q== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to c.root-servers.net for gov/DNSKEY
	Received 613 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 613 octets ;; HEADER SECTION ;; id = 53037 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260430050000 20260417040000 54393 . njftKBi/siYeyqj8qinHcA8BR5KW+KFh4hWa/QxMpZnKNL9kbI5qB/Kp74HxW+BBEV5RM3qb8iyH 91dkwwlaHBacM14ref7unsY9/6g8p+QyafNgbPp7z1HULHOnqpA2XvzkWIpkqKTBAi0w+124IrjH bNairvFK6pTL6nYAK5SFwN+SfO3RTj+ltNhKvVr/rPgauYzGGdJc7RIEKerRIbbJ61tp1jIsZZmP Asm4saTNvKLc/aGsCG4P1/DzsdW4EfQaHpYQ3EvXjRGZhF/b/OyJbqFmR7vtklUM6kFUWdB5aLB2 hEziIWzKnhE5s0e9um74GiEjn8KdZPPut/6u5Q== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to h.root-servers.net for gov/DS
	Received 367 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 367 octets ;; HEADER SECTION ;; id = 26987 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260430050000 20260417040000 54393 . njftKBi/siYeyqj8qinHcA8BR5KW+KFh4hWa/QxMpZnKNL9kbI5qB/Kp74HxW+BBEV5RM3qb8iyH 91dkwwlaHBacM14ref7unsY9/6g8p+QyafNgbPp7z1HULHOnqpA2XvzkWIpkqKTBAi0w+124IrjH bNairvFK6pTL6nYAK5SFwN+SfO3RTj+ltNhKvVr/rPgauYzGGdJc7RIEKerRIbbJ61tp1jIsZZmP Asm4saTNvKLc/aGsCG4P1/DzsdW4EfQaHpYQ3EvXjRGZhF/b/OyJbqFmR7vtklUM6kFUWdB5aLB2 hEziIWzKnhE5s0e9um74GiEjn8KdZPPut/6u5Q== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20260430050000 20260417040000 54393 . njftKBi/siYeyqj8qinHcA8BR5KW+KFh4hWa/QxMpZnKNL9kbI5qB/Kp74HxW+BBEV5RM3qb8iyH 91dkwwlaHBacM14ref7unsY9/6g8p+QyafNgbPp7z1HULHOnqpA2XvzkWIpkqKTBAi0w+124IrjH bNairvFK6pTL6nYAK5SFwN+SfO3RTj+ltNhKvVr/rPgauYzGGdJc7RIEKerRIbbJ61tp1jIsZZmP Asm4saTNvKLc/aGsCG4P1/DzsdW4EfQaHpYQ3EvXjRGZhF/b/OyJbqFmR7vtklUM6kFUWdB5aLB2 hEziIWzKnhE5s0e9um74GiEjn8KdZPPut/6u5Q== )`
	RRSIG=54393 and DNSKEY=54393 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to b.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 291 octets ;; HEADER SECTION ;; id = 28883 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260605110630 20260405110630 2536 gov. 2iHkI6KNpypgXNkkvAKmXKicvyZoEJm+L3HYyM8970H7lTBFwiVYd2cum3MuioVU5WzMEQw1k1c6 /r/8XT47qw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260605110630 20260405110630 2536 gov. 2iHkI6KNpypgXNkkvAKmXKicvyZoEJm+L3HYyM8970H7lTBFwiVYd2cum3MuioVU5WzMEQw1k1c6 /r/8XT47qw== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to a.ns.gov for cfpb.gov/A
	Received 317 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 317 octets ;; HEADER SECTION ;; id = 39108 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) cfpb.gov. 10800 IN NS a1-188.akam.net. cfpb.gov. 10800 IN NS a13-67.akam.net. cfpb.gov. 10800 IN NS a16-64.akam.net. cfpb.gov. 10800 IN NS a20-65.akam.net. cfpb.gov. 10800 IN NS a26-66.akam.net. cfpb.gov. 10800 IN NS a5-64.akam.net. cfpb.gov. 3600 IN DS ( 18661 13 2 835f7eab2735c0b47abbbc54c2bb42aeb8cd89297c69ad9ff8ea1cb51e7d2f1b ) cfpb.gov. 3600 IN RRSIG ( DS 13 2 3600 20260418105113 20260416085113 35496 gov. hR5EKefWKqyf//lw66jiEyWG/G42bSCMVpzK+cvm7oiyeBVR3p8EGF7GJpws0ZNTqyWg+3/2a0fs AriIEuoeJA== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to b.ns.gov for cfpb.gov/DNSKEY
	Received 317 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 317 octets ;; HEADER SECTION ;; id = 7323 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) cfpb.gov. 10800 IN NS a1-188.akam.net. cfpb.gov. 10800 IN NS a13-67.akam.net. cfpb.gov. 10800 IN NS a16-64.akam.net. cfpb.gov. 10800 IN NS a20-65.akam.net. cfpb.gov. 10800 IN NS a26-66.akam.net. cfpb.gov. 10800 IN NS a5-64.akam.net. cfpb.gov. 3600 IN DS ( 18661 13 2 835f7eab2735c0b47abbbc54c2bb42aeb8cd89297c69ad9ff8ea1cb51e7d2f1b ) cfpb.gov. 3600 IN RRSIG ( DS 13 2 3600 20260418105113 20260416085113 35496 gov. WZUCJPRObL6kFSES/IwiuwLU9v/3r0fOcya6NZnGod73uEk/sNHnX+P1ci79QZSsnLxzYEKc5gWC k9YZsESh5Q== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found child zone cfpb.gov

cfpb.gov

	Checking DS between gov and cfpb.gov
	Query to d.ns.gov for cfpb.gov/DS
	Received 184 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 184 octets ;; HEADER SECTION ;; id = 18155 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN DS ;; ANSWER SECTION (2 records) cfpb.gov. 3600 IN DS ( 18661 13 2 835f7eab2735c0b47abbbc54c2bb42aeb8cd89297c69ad9ff8ea1cb51e7d2f1b ) cfpb.gov. 3600 IN RRSIG ( DS 13 2 3600 20260418105113 20260416085113 35496 gov. yi0X8WmPUPFCRwKldAiNWy5toyzW+rZ3epOJj8RfiT7BFj+ySQMc03bcWPZxT3bm4eP43jLvmUTE /LnF+o7CKw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for cfpb.gov in the gov zone
	DS=18661/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`cfpb.gov. 3600 IN RRSIG ( DS 13 2 3600 20260418105113 20260416085113 35496 gov. yi0X8WmPUPFCRwKldAiNWy5toyzW+rZ3epOJj8RfiT7BFj+ySQMc03bcWPZxT3bm4eP43jLvmUTE /LnF+o7CKw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=18661/SHA-256 is now in the chain-of-trust
	`cfpb.gov. 3600 IN DS ( 18661 13 2 835f7eab2735c0b47abbbc54c2bb42aeb8cd89297c69ad9ff8ea1cb51e7d2f1b )`
	Query to a1-188.akam.net for cfpb.gov/DNSKEY
	Received 381 bytes from 193.108.91.188
	;; Response received from [193.108.91.188] 381 octets ;; HEADER SECTION ;; id = 13124 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN DNSKEY ;; ANSWER SECTION (4 records) cfpb.gov. 7200 IN DNSKEY ( 256 3 13 92zZOkX3aQ62bIGBEO5xBeH1DFdCumJX79y//BaGKQIbyJeeXeLSeOkm5HCHRxj7FBXm7c0ITB45 HlzL1Yxspw== ) ; keytag 65088 cfpb.gov. 7200 IN DNSKEY ( 257 3 13 CPg8Twy+uDri/CrSFqJ2eblavxmUyXFmDw9nWQo6DvM4mmsP5UeZgCPRmO5FlkTa2UuiH8HR/KG8 B6mTpcriig== ) ; keytag 18661 cfpb.gov. 7200 IN DNSKEY ( 256 3 13 lgm5lGMHFKeS0NiM5CUGAhFFfx9gWL0AXyh4u/mpwk5AdYp30AW/VLQYhwQBRnmfFxf8RT7WXwkg km6ClkxHLw== ) ; keytag 37008 cfpb.gov. 7200 IN RRSIG ( DNSKEY 13 2 7200 20260420045249 20260417035249 18661 cfpb.gov. TlRItQ1dPNikm0imVaSbGFZgoSFsZYjQCR/z9uvCqDDwiTZXHc3pMyF0rkub77xsW/4my7NCmBzJ kqBwww5kkQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for cfpb.gov
	`cfpb.gov. 7200 IN DNSKEY ( 256 3 13 92zZOkX3aQ62bIGBEO5xBeH1DFdCumJX79y//BaGKQIbyJeeXeLSeOkm5HCHRxj7FBXm7c0ITB45 HlzL1Yxspw== ) ; keytag 65088`
	`cfpb.gov. 7200 IN DNSKEY ( 257 3 13 CPg8Twy+uDri/CrSFqJ2eblavxmUyXFmDw9nWQo6DvM4mmsP5UeZgCPRmO5FlkTa2UuiH8HR/KG8 B6mTpcriig== ) ; keytag 18661`
	`cfpb.gov. 7200 IN DNSKEY ( 256 3 13 lgm5lGMHFKeS0NiM5CUGAhFFfx9gWL0AXyh4u/mpwk5AdYp30AW/VLQYhwQBRnmfFxf8RT7WXwkg km6ClkxHLw== ) ; keytag 37008`
	DNSKEY=18661/SEP is now in the chain-of-trust
	DS=18661/SHA-256 verifies DNSKEY=18661/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`cfpb.gov. 7200 IN RRSIG ( DNSKEY 13 2 7200 20260420045249 20260417035249 18661 cfpb.gov. TlRItQ1dPNikm0imVaSbGFZgoSFsZYjQCR/z9uvCqDDwiTZXHc3pMyF0rkub77xsW/4my7NCmBzJ kqBwww5kkQ== )`
	RRSIG=18661 and DNSKEY=18661/SEP verifies the DNSKEY RRset
	DNSKEY=65088 is now in the chain-of-trust
	DNSKEY=37008 is now in the chain-of-trust
	Query to a1-188.akam.net for cfpb.gov/A
	Received 157 bytes from 193.108.91.188
	;; Response received from [193.108.91.188] 157 octets ;; HEADER SECTION ;; id = 11720 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 20 IN A 23.204.13.98 cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. AzGoBKNGC9if4brNm9OxQqThlOegUt78Eb5OWt3uGKB3cBSxyRr4wQXU3lyzeHoWsX4YuJRVQunj wBfk1CGD2g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a1-188.akam.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to a26-66.akam.net for cfpb.gov/SOA
	Received 430 bytes from 23.74.25.66
	;; Response received from [23.74.25.66] 430 octets ;; HEADER SECTION ;; id = 14113 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 7 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN SOA ;; ANSWER SECTION (2 records) cfpb.gov. 86400 IN SOA ( a1-188.akam.net. brandon.weigert.cfpb.gov. 2250108013 ;serial 10800 ;refresh 3601 ;retry 604800 ;expire 86400 ;minimum ) cfpb.gov. 86400 IN RRSIG ( SOA 13 2 86400 20260420045249 20260417035249 37008 cfpb.gov. AX1qnfOH1L9CJaLXIr+p6+McoYIEnlOcpmpunqXgkTgFZW52ZRliPIoZQLbbSR8Ev0/I1nz3zaPJ vqE0R+Zs8g== ) ;; AUTHORITY SECTION (7 records) cfpb.gov. 900 IN NS a26-66.akam.net. cfpb.gov. 900 IN NS a1-188.akam.net. cfpb.gov. 900 IN NS a5-64.akam.net. cfpb.gov. 900 IN NS a16-64.akam.net. cfpb.gov. 900 IN NS a20-65.akam.net. cfpb.gov. 900 IN NS a13-67.akam.net. cfpb.gov. 900 IN RRSIG ( NS 13 2 900 20260420045249 20260417035249 37008 cfpb.gov. WghOUOF2ck7WpUNCrQ7NmmLOi3ztRCbADgUfeH80EyX+jPWGv9JKWYMIsyAebkMhyhqYyMe1b1bH z4imjxHltg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a13-67.akam.net for cfpb.gov/SOA
	Received 430 bytes from 2.22.230.67
	;; Response received from [2.22.230.67] 430 octets ;; HEADER SECTION ;; id = 7571 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 7 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN SOA ;; ANSWER SECTION (2 records) cfpb.gov. 86400 IN SOA ( a1-188.akam.net. brandon.weigert.cfpb.gov. 2250108013 ;serial 10800 ;refresh 3601 ;retry 604800 ;expire 86400 ;minimum ) cfpb.gov. 86400 IN RRSIG ( SOA 13 2 86400 20260420045249 20260417035249 37008 cfpb.gov. AX1qnfOH1L9CJaLXIr+p6+McoYIEnlOcpmpunqXgkTgFZW52ZRliPIoZQLbbSR8Ev0/I1nz3zaPJ vqE0R+Zs8g== ) ;; AUTHORITY SECTION (7 records) cfpb.gov. 900 IN NS a5-64.akam.net. cfpb.gov. 900 IN NS a20-65.akam.net. cfpb.gov. 900 IN NS a26-66.akam.net. cfpb.gov. 900 IN NS a13-67.akam.net. cfpb.gov. 900 IN NS a1-188.akam.net. cfpb.gov. 900 IN NS a16-64.akam.net. cfpb.gov. 900 IN RRSIG ( NS 13 2 900 20260420045249 20260417035249 37008 cfpb.gov. WghOUOF2ck7WpUNCrQ7NmmLOi3ztRCbADgUfeH80EyX+jPWGv9JKWYMIsyAebkMhyhqYyMe1b1bH z4imjxHltg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a16-64.akam.net for cfpb.gov/SOA
	Received 430 bytes from 23.211.132.64
	;; Response received from [23.211.132.64] 430 octets ;; HEADER SECTION ;; id = 1078 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 7 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN SOA ;; ANSWER SECTION (2 records) cfpb.gov. 86400 IN SOA ( a1-188.akam.net. brandon.weigert.cfpb.gov. 2250108013 ;serial 10800 ;refresh 3601 ;retry 604800 ;expire 86400 ;minimum ) cfpb.gov. 86400 IN RRSIG ( SOA 13 2 86400 20260420045249 20260417035249 37008 cfpb.gov. AX1qnfOH1L9CJaLXIr+p6+McoYIEnlOcpmpunqXgkTgFZW52ZRliPIoZQLbbSR8Ev0/I1nz3zaPJ vqE0R+Zs8g== ) ;; AUTHORITY SECTION (7 records) cfpb.gov. 900 IN NS a16-64.akam.net. cfpb.gov. 900 IN NS a13-67.akam.net. cfpb.gov. 900 IN NS a1-188.akam.net. cfpb.gov. 900 IN NS a20-65.akam.net. cfpb.gov. 900 IN NS a26-66.akam.net. cfpb.gov. 900 IN NS a5-64.akam.net. cfpb.gov. 900 IN RRSIG ( NS 13 2 900 20260420045249 20260417035249 37008 cfpb.gov. WghOUOF2ck7WpUNCrQ7NmmLOi3ztRCbADgUfeH80EyX+jPWGv9JKWYMIsyAebkMhyhqYyMe1b1bH z4imjxHltg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a5-64.akam.net for cfpb.gov/SOA
	Received 430 bytes from 95.100.168.64
	;; Response received from [95.100.168.64] 430 octets ;; HEADER SECTION ;; id = 46012 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 7 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN SOA ;; ANSWER SECTION (2 records) cfpb.gov. 86400 IN SOA ( a1-188.akam.net. brandon.weigert.cfpb.gov. 2250108013 ;serial 10800 ;refresh 3601 ;retry 604800 ;expire 86400 ;minimum ) cfpb.gov. 86400 IN RRSIG ( SOA 13 2 86400 20260420045249 20260417035249 37008 cfpb.gov. AX1qnfOH1L9CJaLXIr+p6+McoYIEnlOcpmpunqXgkTgFZW52ZRliPIoZQLbbSR8Ev0/I1nz3zaPJ vqE0R+Zs8g== ) ;; AUTHORITY SECTION (7 records) cfpb.gov. 900 IN NS a26-66.akam.net. cfpb.gov. 900 IN NS a1-188.akam.net. cfpb.gov. 900 IN NS a20-65.akam.net. cfpb.gov. 900 IN NS a16-64.akam.net. cfpb.gov. 900 IN NS a5-64.akam.net. cfpb.gov. 900 IN NS a13-67.akam.net. cfpb.gov. 900 IN RRSIG ( NS 13 2 900 20260420045249 20260417035249 37008 cfpb.gov. WghOUOF2ck7WpUNCrQ7NmmLOi3ztRCbADgUfeH80EyX+jPWGv9JKWYMIsyAebkMhyhqYyMe1b1bH z4imjxHltg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a20-65.akam.net for cfpb.gov/SOA
	Received 430 bytes from 95.100.175.65
	;; Response received from [95.100.175.65] 430 octets ;; HEADER SECTION ;; id = 38601 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 7 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN SOA ;; ANSWER SECTION (2 records) cfpb.gov. 86400 IN SOA ( a1-188.akam.net. brandon.weigert.cfpb.gov. 2250108013 ;serial 10800 ;refresh 3601 ;retry 604800 ;expire 86400 ;minimum ) cfpb.gov. 86400 IN RRSIG ( SOA 13 2 86400 20260420045249 20260417035249 37008 cfpb.gov. AX1qnfOH1L9CJaLXIr+p6+McoYIEnlOcpmpunqXgkTgFZW52ZRliPIoZQLbbSR8Ev0/I1nz3zaPJ vqE0R+Zs8g== ) ;; AUTHORITY SECTION (7 records) cfpb.gov. 900 IN NS a16-64.akam.net. cfpb.gov. 900 IN NS a13-67.akam.net. cfpb.gov. 900 IN NS a1-188.akam.net. cfpb.gov. 900 IN NS a5-64.akam.net. cfpb.gov. 900 IN NS a20-65.akam.net. cfpb.gov. 900 IN NS a26-66.akam.net. cfpb.gov. 900 IN RRSIG ( NS 13 2 900 20260420045249 20260417035249 37008 cfpb.gov. WghOUOF2ck7WpUNCrQ7NmmLOi3ztRCbADgUfeH80EyX+jPWGv9JKWYMIsyAebkMhyhqYyMe1b1bH z4imjxHltg== ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to a1-188.akam.net for cfpb.gov/A
	cfpb.gov A RR has value 23.204.13.98
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. AzGoBKNGC9if4brNm9OxQqThlOegUt78Eb5OWt3uGKB3cBSxyRr4wQXU3lyzeHoWsX4YuJRVQunj wBfk1CGD2g== )`
	RRSIG=37008 and DNSKEY=37008 verifies the A RRset

cfpb.gov

	Query to a5-64.akam.net for cfpb.gov/A
	Received 157 bytes from 95.100.168.64
	;; Response received from [95.100.168.64] 157 octets ;; HEADER SECTION ;; id = 38506 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 20 IN A 23.204.13.98 cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. K6cyoErmf4fqTA9S2iR9YnZL24jU96W8SMTSZARvfTynX375lGg4Aorcm6mEZf99+EtQXL5Nk8wS YkWoQGhwQw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a5-64.akam.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to a5-64.akam.net for cfpb.gov/A
	cfpb.gov A RR has value 23.204.13.98
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. K6cyoErmf4fqTA9S2iR9YnZL24jU96W8SMTSZARvfTynX375lGg4Aorcm6mEZf99+EtQXL5Nk8wS YkWoQGhwQw== )`
	RRSIG=37008 and DNSKEY=37008 verifies the A RRset

cfpb.gov

	Query to a13-67.akam.net for cfpb.gov/A
	Received 157 bytes from 2.22.230.67
	;; Response received from [2.22.230.67] 157 octets ;; HEADER SECTION ;; id = 14978 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 20 IN A 23.204.13.98 cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. zXnWjzWcQX+L/B1ryF3sVl/LsAYZfSLIR/Eyg2vFQ++99LbsO80HxxARXnt77bpGC8Dt+pIocbon pjS/tZTvSA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a13-67.akam.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to a13-67.akam.net for cfpb.gov/A
	cfpb.gov A RR has value 23.204.13.98
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. zXnWjzWcQX+L/B1ryF3sVl/LsAYZfSLIR/Eyg2vFQ++99LbsO80HxxARXnt77bpGC8Dt+pIocbon pjS/tZTvSA== )`
	RRSIG=37008 and DNSKEY=37008 verifies the A RRset

cfpb.gov

	Query to a20-65.akam.net for cfpb.gov/A
	Received 157 bytes from 95.100.175.65
	;; Response received from [95.100.175.65] 157 octets ;; HEADER SECTION ;; id = 5618 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 20 IN A 23.204.13.98 cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. u0LkCNURGvp50m+S2/OfM9AoBT9a7UmDGdDGMx/Ce3V7HKZp8Tuy42+HjH6okcy0zEr76paLV4ap VucwpFQgiw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a20-65.akam.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to a20-65.akam.net for cfpb.gov/A
	cfpb.gov A RR has value 23.204.13.98
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. u0LkCNURGvp50m+S2/OfM9AoBT9a7UmDGdDGMx/Ce3V7HKZp8Tuy42+HjH6okcy0zEr76paLV4ap VucwpFQgiw== )`
	RRSIG=37008 and DNSKEY=37008 verifies the A RRset

cfpb.gov

	Query to a16-64.akam.net for cfpb.gov/A
	Received 157 bytes from 23.211.132.64
	;; Response received from [23.211.132.64] 157 octets ;; HEADER SECTION ;; id = 27878 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 20 IN A 23.204.13.98 cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. DAvz0LawUQMyS6HmsWl84av9tgUflE4bhLFVQ6BroHZSIGMTmy8EYGkK+2eUvBj7HC10/Bp5fy4x fv1Qght8Sg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a16-64.akam.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to a16-64.akam.net for cfpb.gov/A
	cfpb.gov A RR has value 23.204.13.98
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. DAvz0LawUQMyS6HmsWl84av9tgUflE4bhLFVQ6BroHZSIGMTmy8EYGkK+2eUvBj7HC10/Bp5fy4x fv1Qght8Sg== )`
	RRSIG=37008 and DNSKEY=37008 verifies the A RRset

cfpb.gov

	Query to a26-66.akam.net for cfpb.gov/A
	Received 157 bytes from 23.74.25.66
	;; Response received from [23.74.25.66] 157 octets ;; HEADER SECTION ;; id = 49987 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; cfpb.gov. IN A ;; ANSWER SECTION (2 records) cfpb.gov. 20 IN A 23.204.13.98 cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. u0LkCNURGvp50m+S2/OfM9AoBT9a7UmDGdDGMx/Ce3V7HKZp8Tuy42+HjH6okcy0zEr76paLV4ap VucwpFQgiw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	a26-66.akam.net is authoritative for cfpb.gov
	Found RRSIG signed by cfpb.gov zone
	Query to a26-66.akam.net for cfpb.gov/A
	cfpb.gov A RR has value 23.204.13.98
	Found 1 RRSIGs over A RRset
	`cfpb.gov. 20 IN RRSIG ( A 13 2 20 20260420045249 20260417035249 37008 cfpb.gov. u0LkCNURGvp50m+S2/OfM9AoBT9a7UmDGdDGMx/Ce3V7HKZp8Tuy42+HjH6okcy0zEr76paLV4ap VucwpFQgiw== )`
	RRSIG=37008 and DNSKEY=37008 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test cfpb.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: