DNSSEC Debugger - forms.gov

Domain Name:

Time: 2026-02-15 08:42:48 UTC

Analyzing DNSSEC problems for forms.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to a.root-servers.net for ./DNSKEY
	Received 1139 bytes from 198.41.0.4
	;; Response received from [198.41.0.4] 1139 octets ;; HEADER SECTION ;; id = 40656 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20260303000000 20260210000000 20326 . TNriFzthFM1hKzGD2meB96QrMIdTe/9ZFzMPdP3wWZAOvyfH9F9wuIhjT0V3H/0UE2cq04wvOtdG sEdmJaF7fCIj8aEE3e9Zn/woJXXXl9J3fhZQyGMq5jQLr+4KAuaNPwaMwlGHMDgZuwVJx1KpsAii b+GldJsCAVqM9hW9FpPwtuiN3c8xKT+A8DlAImzKTAUyQEyfSa9UlQzRwPeWcs2HQA/5GL0eosEW pwfdCHfpMw7JPFIMhUEsRftyZuxDgrPQs/geHoSXMeI+bgIRirnRkOLVDaNSiAKt1VtWeDrVeOBc IEzocdRicpX7VmwFHiHM1BblamwYCsX/nfexFg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbNTVC2+pry4pc37pZI9Oj6b8FHxT3VGrvSPKLE1Tjyfe2kUZUtVX5xrv6AV4BVO+ygrYjGZ MNgEnbLU4zknnlnhI2e0g6iTza1aZh0dRZXGH16C1NUNq1CxBkUhIYQhQDeIOtLacx+RmFTc+hSH JJ2MJ79IS00kA7eKi6mofQ7SPJmdJVjI+JAx791y0f5QaB+iHGANU53FwiYXNUQjfAzCrtOaSevG sx8SO8BTaXLAjFq5eewOtwScVwfVDhEXlvpE6e+mIncwhNKaMRD9IPuHENqCNPI5MjxfAMVS6cEY 8eEozIkv/vHc+0Auu3n+Fcx6F2Js4KPXaHEShAXugfU= ) ; keytag 21831`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20260303000000 20260210000000 20326 . TNriFzthFM1hKzGD2meB96QrMIdTe/9ZFzMPdP3wWZAOvyfH9F9wuIhjT0V3H/0UE2cq04wvOtdG sEdmJaF7fCIj8aEE3e9Zn/woJXXXl9J3fhZQyGMq5jQLr+4KAuaNPwaMwlGHMDgZuwVJx1KpsAii b+GldJsCAVqM9hW9FpPwtuiN3c8xKT+A8DlAImzKTAUyQEyfSa9UlQzRwPeWcs2HQA/5GL0eosEW pwfdCHfpMw7JPFIMhUEsRftyZuxDgrPQs/geHoSXMeI+bgIRirnRkOLVDaNSiAKt1VtWeDrVeOBc IEzocdRicpX7VmwFHiHM1BblamwYCsX/nfexFg== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=21831 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to e.root-servers.net for forms.gov/A
	Received 616 bytes from 192.203.230.10
	;; Response received from [192.203.230.10] 616 octets ;; HEADER SECTION ;; id = 29689 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260228050000 20260215040000 21831 . ojZQuaw665eaworBxR32Ux3kWVMF/TzFEnEpI9Ln/gRKPqhlmtANYbX0PqT1FOQV5xhZSVy9msT2 zADQOUJsmEQkA1d8cYXEPKYmH62R6YDYc8cKJYzQC11eYRgg8IL4I8hLMYtuzR3xCZj3u6ljWkM0 McK+Zykxp2HILrYOXC17eR1ohYRx4ky9cTRZK1B1UmvCHX2V3w2A6ReuGL1+YFWeZdykTzwfi6Yi odIQSYH8iDk6WqByE72U9ouPDfWx6iL+c8NeO89slpytwhw4pXyEne8KIG0SroMR2cBsgeso5nov RBrhqvE3bVIIXm7l3ZK7mX3jGYqhngjGcEArmg== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to c.root-servers.net for gov/DNSKEY
	Received 613 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 613 octets ;; HEADER SECTION ;; id = 11555 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260228050000 20260215040000 21831 . ojZQuaw665eaworBxR32Ux3kWVMF/TzFEnEpI9Ln/gRKPqhlmtANYbX0PqT1FOQV5xhZSVy9msT2 zADQOUJsmEQkA1d8cYXEPKYmH62R6YDYc8cKJYzQC11eYRgg8IL4I8hLMYtuzR3xCZj3u6ljWkM0 McK+Zykxp2HILrYOXC17eR1ohYRx4ky9cTRZK1B1UmvCHX2V3w2A6ReuGL1+YFWeZdykTzwfi6Yi odIQSYH8iDk6WqByE72U9ouPDfWx6iL+c8NeO89slpytwhw4pXyEne8KIG0SroMR2cBsgeso5nov RBrhqvE3bVIIXm7l3ZK7mX3jGYqhngjGcEArmg== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to h.root-servers.net for gov/DS
	Received 367 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 367 octets ;; HEADER SECTION ;; id = 23886 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20260228050000 20260215040000 21831 . ojZQuaw665eaworBxR32Ux3kWVMF/TzFEnEpI9Ln/gRKPqhlmtANYbX0PqT1FOQV5xhZSVy9msT2 zADQOUJsmEQkA1d8cYXEPKYmH62R6YDYc8cKJYzQC11eYRgg8IL4I8hLMYtuzR3xCZj3u6ljWkM0 McK+Zykxp2HILrYOXC17eR1ohYRx4ky9cTRZK1B1UmvCHX2V3w2A6ReuGL1+YFWeZdykTzwfi6Yi odIQSYH8iDk6WqByE72U9ouPDfWx6iL+c8NeO89slpytwhw4pXyEne8KIG0SroMR2cBsgeso5nov RBrhqvE3bVIIXm7l3ZK7mX3jGYqhngjGcEArmg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20260228050000 20260215040000 21831 . ojZQuaw665eaworBxR32Ux3kWVMF/TzFEnEpI9Ln/gRKPqhlmtANYbX0PqT1FOQV5xhZSVy9msT2 zADQOUJsmEQkA1d8cYXEPKYmH62R6YDYc8cKJYzQC11eYRgg8IL4I8hLMYtuzR3xCZj3u6ljWkM0 McK+Zykxp2HILrYOXC17eR1ohYRx4ky9cTRZK1B1UmvCHX2V3w2A6ReuGL1+YFWeZdykTzwfi6Yi odIQSYH8iDk6WqByE72U9ouPDfWx6iL+c8NeO89slpytwhw4pXyEne8KIG0SroMR2cBsgeso5nov RBrhqvE3bVIIXm7l3ZK7mX3jGYqhngjGcEArmg== )`
	RRSIG=21831 and DNSKEY=21831 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 63218 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260325110622 20260123110622 2536 gov. 1Yi8jf2XMbTmgyRtyAql82WHrDi/8ytE7icJRnRPcCVnXyEt3A8YdXw6HrWtpNUl/JkqW97k8CkQ IcmdNBTspg== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20260325110622 20260123110622 2536 gov. 1Yi8jf2XMbTmgyRtyAql82WHrDi/8ytE7icJRnRPcCVnXyEt3A8YdXw6HrWtpNUl/JkqW97k8CkQ IcmdNBTspg== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to d.ns.gov for forms.gov/A
	Received 563 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 563 octets ;; HEADER SECTION ;; id = 62447 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 10 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (10 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20260216094248 20260214074248 35496 gov. QUu1Nu3dYhYvlf25GcgFDrfHGXsO5DIfIUtqVvvs/VsgHrfjXtrpL8CgL/fhbUaphbCM4pMUJa5i M8xngWY3Gg== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Query to d.ns.gov for forms.gov/DNSKEY
	Received 563 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 563 octets ;; HEADER SECTION ;; id = 60251 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 10 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (10 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20260216094248 20260214074248 35496 gov. TzQ91zH216I+Yy5quLlHqT+sBe5xL699eAi0bszDQfixhKldAclYfRli5oXNhDQDX7H4GHzKFaH+ tnfnzRdCpw== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Found child zone forms.gov

forms.gov

	Checking DS between gov and forms.gov
	Query to b.ns.gov for forms.gov/DS
	Received 329 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 329 octets ;; HEADER SECTION ;; id = 104 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DS ;; ANSWER SECTION (5 records) forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20260216094248 20260214074248 35496 gov. HKD0UdKcnoW/pIQjqTi5lOL9/LLbSWGWoMj4QxPn37XAqWgA+8oKQyidGBHEoiIdxRzjh8ERv75G 1919pYId6w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DS records for forms.gov in the gov zone
	DS=11755/SHA-256 has algorithm RSASHA256
	DS=40910/SHA-256 has algorithm RSASHA256
	DS=52030/SHA-256 has algorithm RSASHA256
	DS=6556/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20260216094248 20260214074248 35496 gov. HKD0UdKcnoW/pIQjqTi5lOL9/LLbSWGWoMj4QxPn37XAqWgA+8oKQyidGBHEoiIdxRzjh8ERv75G 1919pYId6w== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=11755/SHA-256 is now in the chain-of-trust
	DS=40910/SHA-256 is now in the chain-of-trust
	DS=52030/SHA-256 is now in the chain-of-trust
	DS=6556/SHA-256 is now in the chain-of-trust
	`forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 )`
	`forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 )`
	`forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b )`
	`forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f )`
	Query to dns.gsa.gov for forms.gov/DNSKEY
	Received 672 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 672 octets ;; HEADER SECTION ;; id = 57565 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (4 records) forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAZCYWav5SY3jx71KHiyoDa6JF8xzlP6uGyzgnRcw3LPdBIRCNtlbKEwMGIt3eFiCEyxdScrZ 4gwEhYXsq3WKHQGWbyvLwnxJ8tF1sjVnB+hSj6HeyhMzdoQsqQogzllo5izOLNLbY7kpbnk7pvba ntVMK2Kf4vjB4FcQp8uQ6UvX ) ; keytag 44106 forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAYVSOn68ccyT4JbzNYb+U1CcXNaWSTMahgkV1XZ51klXXFwTy5Ql9n5N7BBTvYynkECk76zM 2l1Ak4oqsXigNxWda4QZAUGfu9Acey0EM0EIxURBy0RQL+R1N5xiSYnSdR3qm/PE+idhs91jNNQL To0kFWN4fhUNjEAwrWNuGdIL ) ; keytag 6556 forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20260304144104 20260202143604 6556 forms.gov. dGwqHoNkjfSzmQM4HeQil6ofGaOilPRZRCwQ073i72ZBZLEKPNUOv0pF21JpOjxFDBnCudmlzT3o bk01VrpWOVYF/n2ApEKSsPZaXEkq+JVOWW9z7AxAClLf1+PJm42gwdFWD5erlqIfIJeeTsETkJof qMqkC4wrmtDF4NceZU4= ) forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20260304144104 20260202143604 44106 forms.gov. CRUuSvHTCSd0rjXBIWkCUCOZfIiusEqoBRsccwLA/564Y1zGs2ntFGV4653FZ86xw+AG+QaO5rXr 885aGivIufYW1oCHzhFC2TD+pw/ptyJUKi6e809GWshAiw5jocCZyJtlS3EFFxnkmYHU1YgM0dsD Or59yBauC2paAe3YWRc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for forms.gov
	`forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAZCYWav5SY3jx71KHiyoDa6JF8xzlP6uGyzgnRcw3LPdBIRCNtlbKEwMGIt3eFiCEyxdScrZ 4gwEhYXsq3WKHQGWbyvLwnxJ8tF1sjVnB+hSj6HeyhMzdoQsqQogzllo5izOLNLbY7kpbnk7pvba ntVMK2Kf4vjB4FcQp8uQ6UvX ) ; keytag 44106`
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAYVSOn68ccyT4JbzNYb+U1CcXNaWSTMahgkV1XZ51klXXFwTy5Ql9n5N7BBTvYynkECk76zM 2l1Ak4oqsXigNxWda4QZAUGfu9Acey0EM0EIxURBy0RQL+R1N5xiSYnSdR3qm/PE+idhs91jNNQL To0kFWN4fhUNjEAwrWNuGdIL ) ; keytag 6556`
	DNSKEY=6556/SEP is now in the chain-of-trust
	DS=6556/SHA-256 verifies DNSKEY=6556/SEP
	DS=11755/SHA-256 is published, but a corresponding DNSKEY is not
	DS=40910/SHA-256 is published, but a corresponding DNSKEY is not
	DS=52030/SHA-256 is published, but a corresponding DNSKEY is not
	Found 2 RRSIGs over DNSKEY RRset
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20260304144104 20260202143604 6556 forms.gov. dGwqHoNkjfSzmQM4HeQil6ofGaOilPRZRCwQ073i72ZBZLEKPNUOv0pF21JpOjxFDBnCudmlzT3o bk01VrpWOVYF/n2ApEKSsPZaXEkq+JVOWW9z7AxAClLf1+PJm42gwdFWD5erlqIfIJeeTsETkJof qMqkC4wrmtDF4NceZU4= )`
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20260304144104 20260202143604 44106 forms.gov. CRUuSvHTCSd0rjXBIWkCUCOZfIiusEqoBRsccwLA/564Y1zGs2ntFGV4653FZ86xw+AG+QaO5rXr 885aGivIufYW1oCHzhFC2TD+pw/ptyJUKi6e809GWshAiw5jocCZyJtlS3EFFxnkmYHU1YgM0dsD Or59yBauC2paAe3YWRc= )`
	RRSIG=6556 and DNSKEY=6556/SEP verifies the DNSKEY RRset
	RRSIG=44106 and DNSKEY=44106 verifies the DNSKEY RRset
	DNSKEY=44106 is now in the chain-of-trust
	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 14758 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns4.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 265 octets ;; HEADER SECTION ;; id = 17273 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 789057665 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20260304144104 20260202143604 44106 forms.gov. EqbNzcbVIGrNnUssmpdVQwi4D4cbXek30CS28Cfzhu1yLCrMqOQqqzZ1+KbC/BXon0rhW3Vf0hOw Azc+tzEr1p2dFAYE335kNEB+mHAHUlE8IYAFeW30sRMzg8Xzm4huHtEX3Kkd5AZLCFHGS8ljdwT8 sC5xMsJ+CfXzBu1ipBk= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns5.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 265 octets ;; HEADER SECTION ;; id = 35132 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 789057665 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20260304144104 20260202143604 44106 forms.gov. EqbNzcbVIGrNnUssmpdVQwi4D4cbXek30CS28Cfzhu1yLCrMqOQqqzZ1+KbC/BXon0rhW3Vf0hOw Azc+tzEr1p2dFAYE335kNEB+mHAHUlE8IYAFeW30sRMzg8Xzm4huHtEX3Kkd5AZLCFHGS8ljdwT8 sC5xMsJ+CfXzBu1ipBk= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns2.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 265 octets ;; HEADER SECTION ;; id = 16304 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 789057665 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20260304144104 20260202143604 44106 forms.gov. EqbNzcbVIGrNnUssmpdVQwi4D4cbXek30CS28Cfzhu1yLCrMqOQqqzZ1+KbC/BXon0rhW3Vf0hOw Azc+tzEr1p2dFAYE335kNEB+mHAHUlE8IYAFeW30sRMzg8Xzm4huHtEX3Kkd5AZLCFHGS8ljdwT8 sC5xMsJ+CfXzBu1ipBk= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns3.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 265 octets ;; HEADER SECTION ;; id = 61636 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 789057665 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20260304144104 20260202143604 44106 forms.gov. EqbNzcbVIGrNnUssmpdVQwi4D4cbXek30CS28Cfzhu1yLCrMqOQqqzZ1+KbC/BXon0rhW3Vf0hOw Azc+tzEr1p2dFAYE335kNEB+mHAHUlE8IYAFeW30sRMzg8Xzm4huHtEX3Kkd5AZLCFHGS8ljdwT8 sC5xMsJ+CfXzBu1ipBk= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 39356 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= )`
	RRSIG=44106 and DNSKEY=44106 verifies the A RRset

forms.gov

	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 53557 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns5.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 2983 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= )`
	RRSIG=44106 and DNSKEY=44106 verifies the A RRset

forms.gov

	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 41624 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 61725 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= )`
	RRSIG=44106 and DNSKEY=44106 verifies the A RRset

forms.gov

	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 40574 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns3.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 10005 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= )`
	RRSIG=44106 and DNSKEY=44106 verifies the A RRset

forms.gov

	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 55278 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns2.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 41774 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20260304144104 20260202143604 44106 forms.gov. WRYVQ9kFOh7X67FVkP3OBZMrK21vviJBogtKr74aiUUbPjzhOysxo7A9aQZIQLQqZDBkiXMwdyat ADFKMpzLogzg0efks2mSsh8iRRH3sWdnhBo6yPz3d5Ol/kwk2LMAYMRwNvbxpBWp2sVv724pvR1o oS7uKlW59aq7orgnDvU= )`
	RRSIG=44106 and DNSKEY=44106 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test forms.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: