DNSSEC Debugger - forms.gov

Domain Name:

Time: 2024-10-22 15:42:42 UTC

Analyzing DNSSEC problems for forms.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to h.root-servers.net for ./DNSKEY
	Received 864 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 864 octets ;; HEADER SECTION ;; id = 49223 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (3 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAc0SunbHdS0KFEyZbYII/+tzsrNzIwurKxmJA+0fhAYlTPA/5LrMGkGEqvvufzM0w/CaVtdm 5eWkZYQcsoSKT5bycx0C4jxnLEb3ZiZUQSqu1rWcKGF1fj/GyDWLkOu7a5h3el+gPmglj/4l4V31 ugNYfqYq84vCB+3D6Sodrd+85KyonnzWJ8cS7aZ57x0d0sGqsAKA+6tRnIXjVNVe7Ro5xJuz8IR7 rOxdzfuRLriN+Z00EL3U5E7s9SISU/hDh7Q7N70W1mLMc1o2+tCRGjEWrw4wmCWMzc1kegbLES/d UOWFvPjJz0+AEeWDhd2GqtXk02BzAhdfeIAEIv68FTs= ) ; Key ID = 61050 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20241111000000 20241021000000 20326 . alCFgDZS+0l5zcpQ/7R+5OFeCrk9KGkNP2F9ynXIXG6QigPj/9qjm0xxItRJUUim+SrJywAmLKe+ 48oTUeSRyDKVVg3LGDekLKcIVz0EBqTL2y44usDlUlxqx5O0LQVHy4h/hm9+dCXFiSBWoV0LcApl V9OYWhxi+CxmxZU58vK6eVAde8E2JHdeDuy23WF5lxYEg1q7ehEt5EdRvZ7hZzfawEFR3Qv3WMoo tO2eBAAneIe94daJP/i1iwQJ4p+bGVCZ4sJk+Pk9J7lwEQq6GhkdSpLsRxArUhvoVgtnh0LkAV7T sajYk8K2JRt7wHNDbBV6+Vdq2bh7ZPGvLiGkIQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAc0SunbHdS0KFEyZbYII/+tzsrNzIwurKxmJA+0fhAYlTPA/5LrMGkGEqvvufzM0w/CaVtdm 5eWkZYQcsoSKT5bycx0C4jxnLEb3ZiZUQSqu1rWcKGF1fj/GyDWLkOu7a5h3el+gPmglj/4l4V31 ugNYfqYq84vCB+3D6Sodrd+85KyonnzWJ8cS7aZ57x0d0sGqsAKA+6tRnIXjVNVe7Ro5xJuz8IR7 rOxdzfuRLriN+Z00EL3U5E7s9SISU/hDh7Q7N70W1mLMc1o2+tCRGjEWrw4wmCWMzc1kegbLES/d UOWFvPjJz0+AEeWDhd2GqtXk02BzAhdfeIAEIv68FTs= ) ; Key ID = 61050`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20241111000000 20241021000000 20326 . alCFgDZS+0l5zcpQ/7R+5OFeCrk9KGkNP2F9ynXIXG6QigPj/9qjm0xxItRJUUim+SrJywAmLKe+ 48oTUeSRyDKVVg3LGDekLKcIVz0EBqTL2y44usDlUlxqx5O0LQVHy4h/hm9+dCXFiSBWoV0LcApl V9OYWhxi+CxmxZU58vK6eVAde8E2JHdeDuy23WF5lxYEg1q7ehEt5EdRvZ7hZzfawEFR3Qv3WMoo tO2eBAAneIe94daJP/i1iwQJ4p+bGVCZ4sJk+Pk9J7lwEQq6GhkdSpLsRxArUhvoVgtnh0LkAV7T sajYk8K2JRt7wHNDbBV6+Vdq2bh7ZPGvLiGkIQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=61050 is now in the chain-of-trust
	Query to c.root-servers.net for forms.gov/A
	Received 619 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 619 octets ;; HEADER SECTION ;; id = 3959 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20241104050000 20241022040000 61050 . QDXVOwEnASUAI40BGDttxq7qGhvCMEac486WIGSve98vzbXX+DtkWnd7z8LaETy7VbTIPy1KOj5A BPnEWAck4dyal0iO3FGHMxTjlkOGHkjZ/EwUux+CeESCvZJ9VjcktKR7o7yg/sC6bf6HcJ2EgnA+ Ck0Yh6B5e7GX8R0YJG95CgxCX/MQtOxgOJUekfUTz7Yi+HlYhCoLolP+DQWkPnzCZabd8FoOexHX Fsme/6iHMa3inPLa3R7hXiygsW0/QHY8CsJbqkZX3TFiHIKi+mr3hx/h/gbROLcqge7E0vtKsKdu vqeO1X7dSFlbxuuoRZUvPi+7/uMv1+kVge+YXw== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Query to l.root-servers.net for gov/DNSKEY
	Received 610 bytes from 199.7.83.42
	;; Response received from [199.7.83.42] 610 octets ;; HEADER SECTION ;; id = 13752 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 9 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20241104050000 20241022040000 61050 . QDXVOwEnASUAI40BGDttxq7qGhvCMEac486WIGSve98vzbXX+DtkWnd7z8LaETy7VbTIPy1KOj5A BPnEWAck4dyal0iO3FGHMxTjlkOGHkjZ/EwUux+CeESCvZJ9VjcktKR7o7yg/sC6bf6HcJ2EgnA+ Ck0Yh6B5e7GX8R0YJG95CgxCX/MQtOxgOJUekfUTz7Yi+HlYhCoLolP+DQWkPnzCZabd8FoOexHX Fsme/6iHMa3inPLa3R7hXiygsW0/QHY8CsJbqkZX3TFiHIKi+mr3hx/h/gbROLcqge7E0vtKsKdu vqeO1X7dSFlbxuuoRZUvPi+7/uMv1+kVge+YXw== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 b.ns.gov. 172800 IN A 199.33.231.1 c.ns.gov. 172800 IN A 199.33.232.1 d.ns.gov. 172800 IN A 199.33.233.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to g.root-servers.net for gov/DS
	Received 367 bytes from 192.112.36.4
	;; Response received from [192.112.36.4] 367 octets ;; HEADER SECTION ;; id = 51178 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20241104050000 20241022040000 61050 . QDXVOwEnASUAI40BGDttxq7qGhvCMEac486WIGSve98vzbXX+DtkWnd7z8LaETy7VbTIPy1KOj5A BPnEWAck4dyal0iO3FGHMxTjlkOGHkjZ/EwUux+CeESCvZJ9VjcktKR7o7yg/sC6bf6HcJ2EgnA+ Ck0Yh6B5e7GX8R0YJG95CgxCX/MQtOxgOJUekfUTz7Yi+HlYhCoLolP+DQWkPnzCZabd8FoOexHX Fsme/6iHMa3inPLa3R7hXiygsW0/QHY8CsJbqkZX3TFiHIKi+mr3hx/h/gbROLcqge7E0vtKsKdu vqeO1X7dSFlbxuuoRZUvPi+7/uMv1+kVge+YXw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20241104050000 20241022040000 61050 . QDXVOwEnASUAI40BGDttxq7qGhvCMEac486WIGSve98vzbXX+DtkWnd7z8LaETy7VbTIPy1KOj5A BPnEWAck4dyal0iO3FGHMxTjlkOGHkjZ/EwUux+CeESCvZJ9VjcktKR7o7yg/sC6bf6HcJ2EgnA+ Ck0Yh6B5e7GX8R0YJG95CgxCX/MQtOxgOJUekfUTz7Yi+HlYhCoLolP+DQWkPnzCZabd8FoOexHX Fsme/6iHMa3inPLa3R7hXiygsW0/QHY8CsJbqkZX3TFiHIKi+mr3hx/h/gbROLcqge7E0vtKsKdu vqeO1X7dSFlbxuuoRZUvPi+7/uMv1+kVge+YXw== )`
	RRSIG=61050 and DNSKEY=61050 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to c.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 291 octets ;; HEADER SECTION ;; id = 31525 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; Key ID = 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; Key ID = 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20241130110534 20240930110534 2536 gov. h+Iyb0tqmydmCz6R4wG6Ldr2zopf1WBr/SM7MutctneoFWjCjO/k0ErdVLVoXEXenkMNv5My6iIv oCnmSrJeOQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; Key ID = 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; Key ID = 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20241130110534 20240930110534 2536 gov. h+Iyb0tqmydmCz6R4wG6Ldr2zopf1WBr/SM7MutctneoFWjCjO/k0ErdVLVoXEXenkMNv5My6iIv oCnmSrJeOQ== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to d.ns.gov for forms.gov/A
	Received 563 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 563 octets ;; HEADER SECTION ;; id = 45366 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 10 arcount = 8 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (10 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 50240 8 2 03949e7a3e3efb1d7eb990094a26a003b37ea5a588b2d2e881a764aac1926f86 ) forms.gov. 3600 IN DS ( 52831 8 2 f255609bb8e3523b154e85efdb0d68087ddf076ecf14b48ac9a75fef77757b56 ) forms.gov. 3600 IN DS ( 65507 8 2 f0a9ecafee96f08da2ed6dc36a63b347797d405ce6c8baff78aad6c8ef08c7f7 ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20241023164242 20241021144242 35496 gov. pmex/CgrMkYxMoavORoXtDPpRhlfbfmSXt+FyLXcZRUaWPyKqM3q93/iYa4Dxc64t1hLrd1Ugw3u TC0COekoXQ== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Query to a.ns.gov for forms.gov/DNSKEY
	Received 563 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 563 octets ;; HEADER SECTION ;; id = 31439 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 10 arcount = 8 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (10 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 50240 8 2 03949e7a3e3efb1d7eb990094a26a003b37ea5a588b2d2e881a764aac1926f86 ) forms.gov. 3600 IN DS ( 52831 8 2 f255609bb8e3523b154e85efdb0d68087ddf076ecf14b48ac9a75fef77757b56 ) forms.gov. 3600 IN DS ( 65507 8 2 f0a9ecafee96f08da2ed6dc36a63b347797d405ce6c8baff78aad6c8ef08c7f7 ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20241023164242 20241021144242 35496 gov. zttYUuq4oknPf+peD03OyC83PrIdTMRu3zeAyvaK4UNbN49TVPzzFPFS/B0qKRZl1ypUNEOcXzl+ zeR/F+zTpg== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Found child zone forms.gov

forms.gov

	Checking DS between gov and forms.gov
	Query to c.ns.gov for forms.gov/DS
	Received 329 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 329 octets ;; HEADER SECTION ;; id = 36602 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 5 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DS ;; ANSWER SECTION (5 records) forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 50240 8 2 03949e7a3e3efb1d7eb990094a26a003b37ea5a588b2d2e881a764aac1926f86 ) forms.gov. 3600 IN DS ( 52831 8 2 f255609bb8e3523b154e85efdb0d68087ddf076ecf14b48ac9a75fef77757b56 ) forms.gov. 3600 IN DS ( 65507 8 2 f0a9ecafee96f08da2ed6dc36a63b347797d405ce6c8baff78aad6c8ef08c7f7 ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20241023164242 20241021144242 35496 gov. 5zvImvg2djdho4T5GwuzsldJr2hfOCw/euRJAqIiiCkrVdxVO0TejM0lrZvcD+2P+Xv2TYoOiKhz WZPQ7VNgMQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DS records for forms.gov in the gov zone
	DS=11755/SHA-256 has algorithm RSASHA256
	DS=50240/SHA-256 has algorithm RSASHA256
	DS=52831/SHA-256 has algorithm RSASHA256
	DS=65507/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20241023164242 20241021144242 35496 gov. 5zvImvg2djdho4T5GwuzsldJr2hfOCw/euRJAqIiiCkrVdxVO0TejM0lrZvcD+2P+Xv2TYoOiKhz WZPQ7VNgMQ== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=11755/SHA-256 is now in the chain-of-trust
	DS=50240/SHA-256 is now in the chain-of-trust
	DS=52831/SHA-256 is now in the chain-of-trust
	DS=65507/SHA-256 is now in the chain-of-trust
	`forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 )`
	`forms.gov. 3600 IN DS ( 50240 8 2 03949e7a3e3efb1d7eb990094a26a003b37ea5a588b2d2e881a764aac1926f86 )`
	`forms.gov. 3600 IN DS ( 52831 8 2 f255609bb8e3523b154e85efdb0d68087ddf076ecf14b48ac9a75fef77757b56 )`
	`forms.gov. 3600 IN DS ( 65507 8 2 f0a9ecafee96f08da2ed6dc36a63b347797d405ce6c8baff78aad6c8ef08c7f7 )`
	Query to dns4.gsa.gov for forms.gov/DNSKEY
	Received 672 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 672 octets ;; HEADER SECTION ;; id = 52307 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (4 records) forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAZb62WYuwqp7zfdX4ENKVu1z+yYR5aT9qbe+eOo+cf8a5dU7QWyTJbndLFCjijWx/KM5WhxP cNPhcMlYmTLj4zGP/YUjURjLyitTpYdE1IfwONCwziEgQigsM7UO+8imiLNYKYU2vwa4qbUHTcqY YzFgLVhnaee/T4gNjGRkyNql ) ; Key ID = 59580 forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAbZ4vjfsE0SCmwYT9uUFJD1If+InMgnEiGWMClqEzkhrFmIVna0KD93lOBlTgVAJ12gi4Zx6 NFvuyMJSP8aZfWhLMpf3cdJJIMEAr+kuRfcrPaIBvPnHWlLBaH9nrewMG17QyRncymwq/gaGwZVk CBZCTXrS/1+863lCJBZodqRZ ) ; Key ID = 11755 forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20241107132959 20241008132459 11755 forms.gov. rU8zmDFiv4F9r9cv5/YRoOS/sVPbEvMOG5nG6XOFOEf/x85mQEX8Q9n7NL1oN6K6nGui5Ki6+c5s RgidIuALVFhoY3Zkph4x6ykwG+R6X57RzSLjBzCy9lhfIJIG2nO3Jd97BaXQFnuOEF5D1tlXAspi ghVPOT5XX6qv1ch6A3I= ) forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20241107132959 20241008132459 59580 forms.gov. UQfs6c8uJnrH51zA36+uJrv53voTawvaf2+k6J8T3qToxlhwY/Lvu/v4t0NQ9VTIqPkE5GqHpz1W OuC7etYGkU9tTr/L9/4MMUymSvwn0EjPaW0+12L4SNSkSGUtz48qzudN5oxjcdRh9PiWfax14VKv fTxtD2T6hDGBwtpQLjc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for forms.gov
	`forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAZb62WYuwqp7zfdX4ENKVu1z+yYR5aT9qbe+eOo+cf8a5dU7QWyTJbndLFCjijWx/KM5WhxP cNPhcMlYmTLj4zGP/YUjURjLyitTpYdE1IfwONCwziEgQigsM7UO+8imiLNYKYU2vwa4qbUHTcqY YzFgLVhnaee/T4gNjGRkyNql ) ; Key ID = 59580`
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAbZ4vjfsE0SCmwYT9uUFJD1If+InMgnEiGWMClqEzkhrFmIVna0KD93lOBlTgVAJ12gi4Zx6 NFvuyMJSP8aZfWhLMpf3cdJJIMEAr+kuRfcrPaIBvPnHWlLBaH9nrewMG17QyRncymwq/gaGwZVk CBZCTXrS/1+863lCJBZodqRZ ) ; Key ID = 11755`
	DNSKEY=11755/SEP is now in the chain-of-trust
	DS=11755/SHA-256 verifies DNSKEY=11755/SEP
	DS=50240/SHA-256 is published, but a corresponding DNSKEY is not
	DS=52831/SHA-256 is published, but a corresponding DNSKEY is not
	DS=65507/SHA-256 is published, but a corresponding DNSKEY is not
	Found 2 RRSIGs over DNSKEY RRset
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20241107132959 20241008132459 11755 forms.gov. rU8zmDFiv4F9r9cv5/YRoOS/sVPbEvMOG5nG6XOFOEf/x85mQEX8Q9n7NL1oN6K6nGui5Ki6+c5s RgidIuALVFhoY3Zkph4x6ykwG+R6X57RzSLjBzCy9lhfIJIG2nO3Jd97BaXQFnuOEF5D1tlXAspi ghVPOT5XX6qv1ch6A3I= )`
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20241107132959 20241008132459 59580 forms.gov. UQfs6c8uJnrH51zA36+uJrv53voTawvaf2+k6J8T3qToxlhwY/Lvu/v4t0NQ9VTIqPkE5GqHpz1W OuC7etYGkU9tTr/L9/4MMUymSvwn0EjPaW0+12L4SNSkSGUtz48qzudN5oxjcdRh9PiWfax14VKv fTxtD2T6hDGBwtpQLjc= )`
	RRSIG=11755 and DNSKEY=11755/SEP verifies the DNSKEY RRset
	RRSIG=59580 and DNSKEY=59580 verifies the DNSKEY RRset
	DNSKEY=59580 is now in the chain-of-trust
	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 2209 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns3.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 265 octets ;; HEADER SECTION ;; id = 29342 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 747408601 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20241110163142 20241011153142 59580 forms.gov. DcKoMtBwd7/sjNvivd3YHg6fgJm8NNTcFJ+5iQwHu6MF97eKsFKPquunlBdEgF65o0uHbKKHpjYR NOUfakHRkV+zTzoG4IbDLHw6rreGaw47QGgo9Lcu0Yh631QoKTDIQDUzwBdUK4sBE7ELpyxWhJvK jfgdlePC8Ma/fEnTZzc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns4.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 265 octets ;; HEADER SECTION ;; id = 52660 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 747408601 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20241110163142 20241011153142 59580 forms.gov. DcKoMtBwd7/sjNvivd3YHg6fgJm8NNTcFJ+5iQwHu6MF97eKsFKPquunlBdEgF65o0uHbKKHpjYR NOUfakHRkV+zTzoG4IbDLHw6rreGaw47QGgo9Lcu0Yh631QoKTDIQDUzwBdUK4sBE7ELpyxWhJvK jfgdlePC8Ma/fEnTZzc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns5.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 265 octets ;; HEADER SECTION ;; id = 2528 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 747408601 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20241110163142 20241011153142 59580 forms.gov. DcKoMtBwd7/sjNvivd3YHg6fgJm8NNTcFJ+5iQwHu6MF97eKsFKPquunlBdEgF65o0uHbKKHpjYR NOUfakHRkV+zTzoG4IbDLHw6rreGaw47QGgo9Lcu0Yh631QoKTDIQDUzwBdUK4sBE7ELpyxWhJvK jfgdlePC8Ma/fEnTZzc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns2.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 265 octets ;; HEADER SECTION ;; id = 23969 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 747408601 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20241110163142 20241011153142 59580 forms.gov. DcKoMtBwd7/sjNvivd3YHg6fgJm8NNTcFJ+5iQwHu6MF97eKsFKPquunlBdEgF65o0uHbKKHpjYR NOUfakHRkV+zTzoG4IbDLHw6rreGaw47QGgo9Lcu0Yh631QoKTDIQDUzwBdUK4sBE7ELpyxWhJvK jfgdlePC8Ma/fEnTZzc= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 39653 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= )`
	RRSIG=59580 and DNSKEY=59580 verifies the A RRset

forms.gov

	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 205 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns5.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 4522 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= )`
	RRSIG=59580 and DNSKEY=59580 verifies the A RRset

forms.gov

	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 27324 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns2.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 24046 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= )`
	RRSIG=59580 and DNSKEY=59580 verifies the A RRset

forms.gov

	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 1719 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns3.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 11718 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= )`
	RRSIG=59580 and DNSKEY=59580 verifies the A RRset

forms.gov

	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 54187 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns4.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 62989 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20241107132959 20241008132459 59580 forms.gov. Kl/p+c/iwjA1W7bzy3Sz/40cC5b8/DDJLC7StIdKbC/HNUBKdt9vHPKY+c9PkEVnd/fCSUs/6TYj xEJ3WnmbM/DNg4a3H2B2kL9fchD5wnDEj84QjPNkpcSIqedb0QqTNZjzJn8eB5gnH/PE0sS30/Cl 4oVXrD3HfRrSV+7BrH4= )`
	RRSIG=59580 and DNSKEY=59580 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test forms.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: