DNSSEC Debugger - forms.gov

Domain Name:

Time: 2025-10-26 02:46:30 UTC

Analyzing DNSSEC problems for forms.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to j.root-servers.net for ./DNSKEY
	Received 1139 bytes from 192.58.128.30
	;; Response received from [192.58.128.30] 1139 octets ;; HEADER SECTION ;; id = 50021 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20251111000000 20251021000000 20326 . qu+HIDWi0ILo1qOR9j+Z8KZsBjm3N+xbTPm0UrqtVgtDmcuA0BF/m4zEQ/Wf32rCnGxW2tlrw0lq Lqpf/+1UtsfFhNCp6c88XVI19sLyeJwgAK0dYjZtSzObkArDsU9YHmKfB8ai18AN4XHD6Op1G5Io RJsNYsAyWg6GOkuaFspxV9L+ddDhjRhCmDKl3vHcRc9PscgwI47Y5hJgucB0uVbK1XbiQmAg8qqB 0YiVdyWknzL3VYkbdpyMYTlBXuLY9cW2bWrclP6nAnLNJ2BuyXBKOKXYvPCLEeu6hkmBJc6twAJK rGtEZaETWnYUFUgUj3bQHKYLgInclkXIEtF7gQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20251111000000 20251021000000 20326 . qu+HIDWi0ILo1qOR9j+Z8KZsBjm3N+xbTPm0UrqtVgtDmcuA0BF/m4zEQ/Wf32rCnGxW2tlrw0lq Lqpf/+1UtsfFhNCp6c88XVI19sLyeJwgAK0dYjZtSzObkArDsU9YHmKfB8ai18AN4XHD6Op1G5Io RJsNYsAyWg6GOkuaFspxV9L+ddDhjRhCmDKl3vHcRc9PscgwI47Y5hJgucB0uVbK1XbiQmAg8qqB 0YiVdyWknzL3VYkbdpyMYTlBXuLY9cW2bWrclP6nAnLNJ2BuyXBKOKXYvPCLEeu6hkmBJc6twAJK rGtEZaETWnYUFUgUj3bQHKYLgInclkXIEtF7gQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=61809 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to j.root-servers.net for forms.gov/A
	Received 616 bytes from 192.58.128.30
	;; Response received from [192.58.128.30] 616 octets ;; HEADER SECTION ;; id = 39459 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251107180000 20251025170000 61809 . gHmdOmeuKibDMjg1ewkn6Q7z/IrFgQGV2cZDCq4aYQaXbtVKh0Bl+wF5qC1jMjNdq+oofgoryBO2 akyvAgoFBNMa3Eza+FhdfFDDzf/QBwtC1OiJYA4lZHtFIi8hMNZOnJzH71cyM52Fz35jIQb6JYNJ tWnE1+MrrXEk1lxFX3NoX5fiW+f3D5SLcRcEigOpYFcouZQ1htPkiStGEsdMHuM3Ako9RMhs6d+p 5pNMognn+KtgMYL2qQOR6AIgHNUod+xXKM6+mmsMyJo0OijR6AZqbLyl1NphlfiS6egfRbHIQoun SyQuU608vm41xy/65TaPVwgoAsm5w2wAvub66Q== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 b.ns.gov. 172800 IN A 199.33.231.1 c.ns.gov. 172800 IN A 199.33.232.1 d.ns.gov. 172800 IN A 199.33.233.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to f.root-servers.net for gov/DNSKEY
	Received 610 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 610 octets ;; HEADER SECTION ;; id = 21895 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251107180000 20251025170000 61809 . gHmdOmeuKibDMjg1ewkn6Q7z/IrFgQGV2cZDCq4aYQaXbtVKh0Bl+wF5qC1jMjNdq+oofgoryBO2 akyvAgoFBNMa3Eza+FhdfFDDzf/QBwtC1OiJYA4lZHtFIi8hMNZOnJzH71cyM52Fz35jIQb6JYNJ tWnE1+MrrXEk1lxFX3NoX5fiW+f3D5SLcRcEigOpYFcouZQ1htPkiStGEsdMHuM3Ako9RMhs6d+p 5pNMognn+KtgMYL2qQOR6AIgHNUod+xXKM6+mmsMyJo0OijR6AZqbLyl1NphlfiS6egfRbHIQoun SyQuU608vm41xy/65TaPVwgoAsm5w2wAvub66Q== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to a.root-servers.net for gov/DS
	Received 367 bytes from 198.41.0.4
	;; Response received from [198.41.0.4] 367 octets ;; HEADER SECTION ;; id = 61739 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251107180000 20251025170000 61809 . gHmdOmeuKibDMjg1ewkn6Q7z/IrFgQGV2cZDCq4aYQaXbtVKh0Bl+wF5qC1jMjNdq+oofgoryBO2 akyvAgoFBNMa3Eza+FhdfFDDzf/QBwtC1OiJYA4lZHtFIi8hMNZOnJzH71cyM52Fz35jIQb6JYNJ tWnE1+MrrXEk1lxFX3NoX5fiW+f3D5SLcRcEigOpYFcouZQ1htPkiStGEsdMHuM3Ako9RMhs6d+p 5pNMognn+KtgMYL2qQOR6AIgHNUod+xXKM6+mmsMyJo0OijR6AZqbLyl1NphlfiS6egfRbHIQoun SyQuU608vm41xy/65TaPVwgoAsm5w2wAvub66Q== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20251107180000 20251025170000 61809 . gHmdOmeuKibDMjg1ewkn6Q7z/IrFgQGV2cZDCq4aYQaXbtVKh0Bl+wF5qC1jMjNdq+oofgoryBO2 akyvAgoFBNMa3Eza+FhdfFDDzf/QBwtC1OiJYA4lZHtFIi8hMNZOnJzH71cyM52Fz35jIQb6JYNJ tWnE1+MrrXEk1lxFX3NoX5fiW+f3D5SLcRcEigOpYFcouZQ1htPkiStGEsdMHuM3Ako9RMhs6d+p 5pNMognn+KtgMYL2qQOR6AIgHNUod+xXKM6+mmsMyJo0OijR6AZqbLyl1NphlfiS6egfRbHIQoun SyQuU608vm41xy/65TaPVwgoAsm5w2wAvub66Q== )`
	RRSIG=61809 and DNSKEY=61809 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to d.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 291 octets ;; HEADER SECTION ;; id = 4671 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251219110613 20251019110613 2536 gov. j3FRDkQ+/qhx8n7XWgDk7DC6YuMd0K42x1BaoJP4SEm+WtzI5LbaxO7OS3rDz3G0nG4HtRwBe8wW 1w4LNc5mNA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251219110613 20251019110613 2536 gov. j3FRDkQ+/qhx8n7XWgDk7DC6YuMd0K42x1BaoJP4SEm+WtzI5LbaxO7OS3rDz3G0nG4HtRwBe8wW 1w4LNc5mNA== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to d.ns.gov for forms.gov/A
	Received 515 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 515 octets ;; HEADER SECTION ;; id = 57169 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251027034630 20251025014630 35496 gov. T73NYOIwvajHj5v3iCyVqAtlFRpQPmoQUl6UaoCMMAFQAJk3GfLN5vAi88ReZveOHvqNE2caR+St T8pVXIVaAg== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Query to a.ns.gov for forms.gov/DNSKEY
	Received 515 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 515 octets ;; HEADER SECTION ;; id = 48698 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251027034630 20251025014630 35496 gov. OYpyKGX+RTmA9mPpL1+G4C2zjRQZGh2faLZnkIDfa9ksmiim3tcsu2H2UKkyCiTdkINZjWxszj0V b6PfhREEig== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Found child zone forms.gov

forms.gov

	Checking DS between gov and forms.gov
	Query to c.ns.gov for forms.gov/DS
	Received 281 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 281 octets ;; HEADER SECTION ;; id = 56519 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DS ;; ANSWER SECTION (4 records) forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251027034630 20251025014630 35496 gov. zANP55Uj24XPk/G8pu7ELRt9qNPTOaaKKOxxIgWjFR0OC6vRybAvOlDwKUM4If3GJup2xR+FoSHm EdAvSRndEw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DS records for forms.gov in the gov zone
	DS=11755/SHA-256 has algorithm RSASHA256
	DS=40910/SHA-256 has algorithm RSASHA256
	DS=52030/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251027034630 20251025014630 35496 gov. zANP55Uj24XPk/G8pu7ELRt9qNPTOaaKKOxxIgWjFR0OC6vRybAvOlDwKUM4If3GJup2xR+FoSHm EdAvSRndEw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=11755/SHA-256 is now in the chain-of-trust
	DS=40910/SHA-256 is now in the chain-of-trust
	DS=52030/SHA-256 is now in the chain-of-trust
	`forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 )`
	`forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 )`
	`forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b )`
	Query to dns4.gsa.gov for forms.gov/DNSKEY
	Received 672 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 672 octets ;; HEADER SECTION ;; id = 7299 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (4 records) forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAbY9HWzdjLa3stn+1dM4Oxuu/nu1Yx32CgQstA6iD7S6ZbVCXxODAfSmC0SXZqZrpqt61jwx liN2HJDYweuhenQKatx82+4qKoVkX/DUqbfCb40WH3vITHXNAQfvQ6MeQoYnDXbYKe8DUJOFOVVg fWFUbv1fe8rBvdyjQIlDh7GX ) ; keytag 63235 forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910 forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251113140951 20251014140451 40910 forms.gov. GrN3lMPU5UCMtk5W+LYAOvQ8o9CJkVLvzN7GwRvmYlOED/ZKGJ9Cnvmni9c0HI7hgUl0MqF24q+h Z7x7+QUBrys/pQwQ7vQ3vk7pl61WLXLxeJWrpYXrHo1lE6uiKmB7BkSeM7ahd/hLEWUrMP34AgY8 bvE2FFdOJTCzeieZtjU= ) forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251113140951 20251014140451 63235 forms.gov. a8aDtRhX2Ql7Hp/i013agz4281E56sfDxfwsu23VVOBPl0eBJlE6D4VoqTgoM9Kh26N+i91IPZls FoB/06fCvuOvmg+HpglMi8GwEouj65NvTljd0YetxSa5lbdRNZQKyct6O/PoHh6XYVl0N0UAR15F 41uBRlr53EcQalLxmhs= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for forms.gov
	`forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAbY9HWzdjLa3stn+1dM4Oxuu/nu1Yx32CgQstA6iD7S6ZbVCXxODAfSmC0SXZqZrpqt61jwx liN2HJDYweuhenQKatx82+4qKoVkX/DUqbfCb40WH3vITHXNAQfvQ6MeQoYnDXbYKe8DUJOFOVVg fWFUbv1fe8rBvdyjQIlDh7GX ) ; keytag 63235`
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910`
	DNSKEY=40910/SEP is now in the chain-of-trust
	DS=40910/SHA-256 verifies DNSKEY=40910/SEP
	DS=11755/SHA-256 is published, but a corresponding DNSKEY is not
	DS=52030/SHA-256 is published, but a corresponding DNSKEY is not
	Found 2 RRSIGs over DNSKEY RRset
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251113140951 20251014140451 40910 forms.gov. GrN3lMPU5UCMtk5W+LYAOvQ8o9CJkVLvzN7GwRvmYlOED/ZKGJ9Cnvmni9c0HI7hgUl0MqF24q+h Z7x7+QUBrys/pQwQ7vQ3vk7pl61WLXLxeJWrpYXrHo1lE6uiKmB7BkSeM7ahd/hLEWUrMP34AgY8 bvE2FFdOJTCzeieZtjU= )`
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251113140951 20251014140451 63235 forms.gov. a8aDtRhX2Ql7Hp/i013agz4281E56sfDxfwsu23VVOBPl0eBJlE6D4VoqTgoM9Kh26N+i91IPZls FoB/06fCvuOvmg+HpglMi8GwEouj65NvTljd0YetxSa5lbdRNZQKyct6O/PoHh6XYVl0N0UAR15F 41uBRlr53EcQalLxmhs= )`
	RRSIG=40910 and DNSKEY=40910/SEP verifies the DNSKEY RRset
	RRSIG=63235 and DNSKEY=63235 verifies the DNSKEY RRset
	DNSKEY=63235 is now in the chain-of-trust
	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 27384 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns5.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns3.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 265 octets ;; HEADER SECTION ;; id = 49250 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 779465393 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251115133307 20251016123307 63235 forms.gov. egtGGNoUIVFHaRKVzs9URJN6wgTjyS1CQOdNdkzdcVTw8UIjR287u57LOl15kxBnorCFZDw+Q+5b Mh1ki7QBvLVdkq6fV3iXhEPK3uzL69wkQzfLxlnec1IopcDpdWCkWIffQdamjxURkvCSvnCHj8+Y eLLRVvuJlzpDhQKvhmQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns2.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 265 octets ;; HEADER SECTION ;; id = 22456 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 779465393 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251115133307 20251016123307 63235 forms.gov. egtGGNoUIVFHaRKVzs9URJN6wgTjyS1CQOdNdkzdcVTw8UIjR287u57LOl15kxBnorCFZDw+Q+5b Mh1ki7QBvLVdkq6fV3iXhEPK3uzL69wkQzfLxlnec1IopcDpdWCkWIffQdamjxURkvCSvnCHj8+Y eLLRVvuJlzpDhQKvhmQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns4.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 265 octets ;; HEADER SECTION ;; id = 44886 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 779465393 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251115133307 20251016123307 63235 forms.gov. egtGGNoUIVFHaRKVzs9URJN6wgTjyS1CQOdNdkzdcVTw8UIjR287u57LOl15kxBnorCFZDw+Q+5b Mh1ki7QBvLVdkq6fV3iXhEPK3uzL69wkQzfLxlnec1IopcDpdWCkWIffQdamjxURkvCSvnCHj8+Y eLLRVvuJlzpDhQKvhmQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 265 octets ;; HEADER SECTION ;; id = 55495 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 779465393 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251115133307 20251016123307 63235 forms.gov. egtGGNoUIVFHaRKVzs9URJN6wgTjyS1CQOdNdkzdcVTw8UIjR287u57LOl15kxBnorCFZDw+Q+5b Mh1ki7QBvLVdkq6fV3iXhEPK3uzL69wkQzfLxlnec1IopcDpdWCkWIffQdamjxURkvCSvnCHj8+Y eLLRVvuJlzpDhQKvhmQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 46088 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= )`
	RRSIG=63235 and DNSKEY=63235 verifies the A RRset

forms.gov

	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 14471 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns2.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 5107 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= )`
	RRSIG=63235 and DNSKEY=63235 verifies the A RRset

forms.gov

	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 59379 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns3.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 30742 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= )`
	RRSIG=63235 and DNSKEY=63235 verifies the A RRset

forms.gov

	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 17953 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns4.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 25895 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= )`
	RRSIG=63235 and DNSKEY=63235 verifies the A RRset

forms.gov

	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 28726 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 57357 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251113140951 20251014140451 63235 forms.gov. C2T+LQHGcBfIJJ+9mcW3m6UirCIL2jl6s9i7MUA+vCkwfHzzR5iQIO875pT3+XU528poceW4so4L y7mUP89+rcAGE7/tKmL2xnadidVmca5tF6tkvDMWzAgYRg7wvzX6RNYeuFhDSkUB2pwhPwrmp4Eb mVhC7++acMPRBj4bbck= )`
	RRSIG=63235 and DNSKEY=63235 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test forms.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: