DNSSEC Debugger - forms.gov

Domain Name:

Time: 2025-11-10 02:02:53 UTC

Analyzing DNSSEC problems for forms.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to g.root-servers.net for ./DNSKEY
	Received 1141 bytes from 192.112.36.4
	;; Response received from [192.112.36.4] 1141 octets ;; HEADER SECTION ;; id = 61735 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20251121000000 20251031000000 20326 . qnzPUNeV8plQe0Se5Fa0uHS0Ygf4DSnEekaMeH7GQRbNhk6ntkneJFKUN+EBJQfd/JoaY//18qf4 G6YrWE/a+FwJ5oefafEhuJWhITrXMle9e4oy4Z7sjb7e1ajwGSKlcfp0Rsulv/aPlLLfl+4jUijr zzZUvUJA10LzOwswvjI16xA3HMG9rEh0mKY0RywLI+R5NkYgDzY0QGL9BMaUHWNV+eTFBmMpmg3j jKGnIg8jmFhqcypUqLXW7md/oO+k0A8QG39nGvhx7rVDUoaQd7atJH2jtzGeXW8n/XI/ncI9fSoX rLXu6NvJY5bX6dXI9ypg+sFnkF7Fd4TdZ8AasA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAeuS7hMRZ7muj1c/ew2DoavxkBw3jUG5R79pKVDI39fxvlD1HfJYGJERnXuV4SrQfUPzWw/l t5Axb0EqXL/sQ2ZyntVmwQwoSXi2l9smlIKh2UrkTmmozRCPe7GS4fZTE4Ew7AV4YprTLgVmxiGP 4unRuXkYOgQJXCIBpVCmEdUli6X2sm0i5ZilU/Q+rX3RDw+eYPP7K0cJnJ+ZnvQDy14+BFtreWl9 enNQljgGpBp26lEp1z7AbvUfzkQNVCVGaM8jEaCSALXiROlwCQMOdj+tpLXFf99kdJnTQw2cpEr1 uGs/yENAJpoGhbjZAoIkXzDUBSlfFeYz7FWzH6gIe7M= ) ; keytag 61809`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20251121000000 20251031000000 20326 . qnzPUNeV8plQe0Se5Fa0uHS0Ygf4DSnEekaMeH7GQRbNhk6ntkneJFKUN+EBJQfd/JoaY//18qf4 G6YrWE/a+FwJ5oefafEhuJWhITrXMle9e4oy4Z7sjb7e1ajwGSKlcfp0Rsulv/aPlLLfl+4jUijr zzZUvUJA10LzOwswvjI16xA3HMG9rEh0mKY0RywLI+R5NkYgDzY0QGL9BMaUHWNV+eTFBmMpmg3j jKGnIg8jmFhqcypUqLXW7md/oO+k0A8QG39nGvhx7rVDUoaQd7atJH2jtzGeXW8n/XI/ncI9fSoX rLXu6NvJY5bX6dXI9ypg+sFnkF7Fd4TdZ8AasA== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=61809 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to e.root-servers.net for forms.gov/A
	Received 616 bytes from 192.203.230.10
	;; Response received from [192.203.230.10] 616 octets ;; HEADER SECTION ;; id = 23205 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1472, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251122170000 20251109160000 61809 . UKAuerckTehHMGg2WTEy+U5TuWQ3+Nmw+vXaNuZc/koIXGdzyw38o5dRb7D1NOtHJkGPC4Q6k5sC 6chQ8r8mCrc+FhlE8o0VO3Ah7zFRLQhvoTXrCY7clheaZ99PLfO8BZkHtJcEue7DSwfUWjetW8fh jCFbejZefOXdlAoe6xhCekgxrAvOpkUPwHAyi1DSp2M5vG7x4q6SH5E7kF0P0YETCroPY8IdHfJs IceMDtiJSfdpY0aWj7Qk4+2VEjsm3Dxsu+J29zD+IhJPjenjTPdES6RH96WbXvvfBx+/xCt/Sm1p X0xoSIPv0wSfnoA/2Bn4/hnzPBLG6YAOAa9F+A== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN A 199.33.231.1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN A 199.33.232.1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN A 199.33.233.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Query to l.root-servers.net for gov/DNSKEY
	Received 610 bytes from 199.7.83.42
	;; Response received from [199.7.83.42] 610 octets ;; HEADER SECTION ;; id = 18134 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251122170000 20251109160000 61809 . UKAuerckTehHMGg2WTEy+U5TuWQ3+Nmw+vXaNuZc/koIXGdzyw38o5dRb7D1NOtHJkGPC4Q6k5sC 6chQ8r8mCrc+FhlE8o0VO3Ah7zFRLQhvoTXrCY7clheaZ99PLfO8BZkHtJcEue7DSwfUWjetW8fh jCFbejZefOXdlAoe6xhCekgxrAvOpkUPwHAyi1DSp2M5vG7x4q6SH5E7kF0P0YETCroPY8IdHfJs IceMDtiJSfdpY0aWj7Qk4+2VEjsm3Dxsu+J29zD+IhJPjenjTPdES6RH96WbXvvfBx+/xCt/Sm1p X0xoSIPv0wSfnoA/2Bn4/hnzPBLG6YAOAa9F+A== ) ;; ADDITIONAL SECTION (9 records) a.ns.gov. 172800 IN A 199.33.230.1 b.ns.gov. 172800 IN A 199.33.231.1 c.ns.gov. 172800 IN A 199.33.232.1 d.ns.gov. 172800 IN A 199.33.233.1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to l.root-servers.net for gov/DS
	Received 367 bytes from 199.7.83.42
	;; Response received from [199.7.83.42] 367 octets ;; HEADER SECTION ;; id = 21922 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20251122170000 20251109160000 61809 . UKAuerckTehHMGg2WTEy+U5TuWQ3+Nmw+vXaNuZc/koIXGdzyw38o5dRb7D1NOtHJkGPC4Q6k5sC 6chQ8r8mCrc+FhlE8o0VO3Ah7zFRLQhvoTXrCY7clheaZ99PLfO8BZkHtJcEue7DSwfUWjetW8fh jCFbejZefOXdlAoe6xhCekgxrAvOpkUPwHAyi1DSp2M5vG7x4q6SH5E7kF0P0YETCroPY8IdHfJs IceMDtiJSfdpY0aWj7Qk4+2VEjsm3Dxsu+J29zD+IhJPjenjTPdES6RH96WbXvvfBx+/xCt/Sm1p X0xoSIPv0wSfnoA/2Bn4/hnzPBLG6YAOAa9F+A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20251122170000 20251109160000 61809 . UKAuerckTehHMGg2WTEy+U5TuWQ3+Nmw+vXaNuZc/koIXGdzyw38o5dRb7D1NOtHJkGPC4Q6k5sC 6chQ8r8mCrc+FhlE8o0VO3Ah7zFRLQhvoTXrCY7clheaZ99PLfO8BZkHtJcEue7DSwfUWjetW8fh jCFbejZefOXdlAoe6xhCekgxrAvOpkUPwHAyi1DSp2M5vG7x4q6SH5E7kF0P0YETCroPY8IdHfJs IceMDtiJSfdpY0aWj7Qk4+2VEjsm3Dxsu+J29zD+IhJPjenjTPdES6RH96WbXvvfBx+/xCt/Sm1p X0xoSIPv0wSfnoA/2Bn4/hnzPBLG6YAOAa9F+A== )`
	RRSIG=61809 and DNSKEY=61809 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to a.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 291 octets ;; HEADER SECTION ;; id = 65405 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251219110613 20251019110613 2536 gov. j3FRDkQ+/qhx8n7XWgDk7DC6YuMd0K42x1BaoJP4SEm+WtzI5LbaxO7OS3rDz3G0nG4HtRwBe8wW 1w4LNc5mNA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20251219110613 20251019110613 2536 gov. j3FRDkQ+/qhx8n7XWgDk7DC6YuMd0K42x1BaoJP4SEm+WtzI5LbaxO7OS3rDz3G0nG4HtRwBe8wW 1w4LNc5mNA== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to d.ns.gov for forms.gov/A
	Received 563 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 563 octets ;; HEADER SECTION ;; id = 8981 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 10 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (10 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251111030253 20251109010253 35496 gov. kycU+w7sOdTO6qxuRzAyMSCGO7anNQ+6Fks/lFGkwfHydoWP7FyQcQ00zFYOFQ6Ona25BylwLx0z CRKuhPnGOg== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Query to c.ns.gov for forms.gov/DNSKEY
	Received 563 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 563 octets ;; HEADER SECTION ;; id = 23273 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 10 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (10 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251111030253 20251109010253 35496 gov. MtLpSp85o/G3knLbERIyKIudUQSOxPeLkFTGagRI/L2dq6D3B98BT3fvqLKWIIWWSaBknY7tU7/U gwZewX1EVA== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Found child zone forms.gov

forms.gov

	Checking DS between gov and forms.gov
	Query to c.ns.gov for forms.gov/DS
	Received 329 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 329 octets ;; HEADER SECTION ;; id = 32929 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DS ;; ANSWER SECTION (5 records) forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251111030253 20251109010253 35496 gov. FDMIO32J1KeVedPgorStZrm5MKpP+XHKaWBldHl2kq3ftoH9/lWuXZ7UkZWYc6jBAIRO5ur3fxOi QpauD83Ang== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DS records for forms.gov in the gov zone
	DS=11755/SHA-256 has algorithm RSASHA256
	DS=40910/SHA-256 has algorithm RSASHA256
	DS=52030/SHA-256 has algorithm RSASHA256
	DS=6556/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20251111030253 20251109010253 35496 gov. FDMIO32J1KeVedPgorStZrm5MKpP+XHKaWBldHl2kq3ftoH9/lWuXZ7UkZWYc6jBAIRO5ur3fxOi QpauD83Ang== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=11755/SHA-256 is now in the chain-of-trust
	DS=40910/SHA-256 is now in the chain-of-trust
	DS=52030/SHA-256 is now in the chain-of-trust
	DS=6556/SHA-256 is now in the chain-of-trust
	`forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 )`
	`forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 )`
	`forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b )`
	`forms.gov. 3600 IN DS ( 6556 8 2 04fc05f3cdeace691d55ed1c611e2e21b5d0ed88a32ae8948c8ebd09cbe7b68f )`
	Query to dns5.gsa.gov for forms.gov/DNSKEY
	Received 820 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 820 octets ;; HEADER SECTION ;; id = 58770 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (5 records) forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAYVSOn68ccyT4JbzNYb+U1CcXNaWSTMahgkV1XZ51klXXFwTy5Ql9n5N7BBTvYynkECk76zM 2l1Ak4oqsXigNxWda4QZAUGfu9Acey0EM0EIxURBy0RQL+R1N5xiSYnSdR3qm/PE+idhs91jNNQL To0kFWN4fhUNjEAwrWNuGdIL ) ; keytag 6556 forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910 forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAYW/ueujtFVr782V4m8gwujtvK/8LKxxJwc4ZKqr1dDxUJ5k/3e3TMlMupnbwQyvmzr+jKYs u8ZBDgnKZzHAh1JNTON6JH/aAAC9TbV0ElPA4aSBWRMsCxIVVz93Tth3YLxgwKUDiM5NumdE38T+ mQ50jCFUFe0Wdzbuh8XTsdjH ) ; keytag 62650 forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251203125241 20251103124741 40910 forms.gov. yC3+UnEugyOrIJc/M7ahLzGeq1IOgei+dBGof+TwZBWWPgvupFi16UH4cFyt/wCdtQHg7UPnCd5Z FSVKXsKdsBPHgUAAxA66CLIXB6x4dXCCqkBTCRHRy1EZQ/boTEt+S7wQUYprwdgR1L3KpZAJKvES wNdcF4PqrqnDQPSZOZ8= ) forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251203125241 20251103124741 62650 forms.gov. YSh8Oh5sBM73IhSFUv2eOgDNU3pYtZ6hbqPuizEW2ifkPWS0jnIHoQkeUEdRAiB9LFUXxBlexsu4 0JoRMMbONcXfyxtsSfvN6FoNatP0p1YjPbz715tzKY5xkhXOl5Y7ui8t0AsKfPSw1BMfHX0sbfhM 5Xc5EyJfydDRB+vdmQQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for forms.gov
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAYVSOn68ccyT4JbzNYb+U1CcXNaWSTMahgkV1XZ51klXXFwTy5Ql9n5N7BBTvYynkECk76zM 2l1Ak4oqsXigNxWda4QZAUGfu9Acey0EM0EIxURBy0RQL+R1N5xiSYnSdR3qm/PE+idhs91jNNQL To0kFWN4fhUNjEAwrWNuGdIL ) ; keytag 6556`
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910`
	`forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAYW/ueujtFVr782V4m8gwujtvK/8LKxxJwc4ZKqr1dDxUJ5k/3e3TMlMupnbwQyvmzr+jKYs u8ZBDgnKZzHAh1JNTON6JH/aAAC9TbV0ElPA4aSBWRMsCxIVVz93Tth3YLxgwKUDiM5NumdE38T+ mQ50jCFUFe0Wdzbuh8XTsdjH ) ; keytag 62650`
	DNSKEY=6556/SEP is now in the chain-of-trust
	DS=6556/SHA-256 verifies DNSKEY=6556/SEP
	DNSKEY=40910/SEP is now in the chain-of-trust
	DS=40910/SHA-256 verifies DNSKEY=40910/SEP
	DS=11755/SHA-256 is published, but a corresponding DNSKEY is not
	DS=52030/SHA-256 is published, but a corresponding DNSKEY is not
	Found 2 RRSIGs over DNSKEY RRset
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251203125241 20251103124741 40910 forms.gov. yC3+UnEugyOrIJc/M7ahLzGeq1IOgei+dBGof+TwZBWWPgvupFi16UH4cFyt/wCdtQHg7UPnCd5Z FSVKXsKdsBPHgUAAxA66CLIXB6x4dXCCqkBTCRHRy1EZQ/boTEt+S7wQUYprwdgR1L3KpZAJKvES wNdcF4PqrqnDQPSZOZ8= )`
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20251203125241 20251103124741 62650 forms.gov. YSh8Oh5sBM73IhSFUv2eOgDNU3pYtZ6hbqPuizEW2ifkPWS0jnIHoQkeUEdRAiB9LFUXxBlexsu4 0JoRMMbONcXfyxtsSfvN6FoNatP0p1YjPbz715tzKY5xkhXOl5Y7ui8t0AsKfPSw1BMfHX0sbfhM 5Xc5EyJfydDRB+vdmQQ= )`
	RRSIG=40910 and DNSKEY=40910/SEP verifies the DNSKEY RRset
	RRSIG=62650 and DNSKEY=62650 verifies the DNSKEY RRset
	DNSKEY=62650 is now in the chain-of-trust
	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 63302 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns3.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 265 octets ;; HEADER SECTION ;; id = 10164 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 781188762 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251203125241 20251103124741 62650 forms.gov. CJdVcgBNyezRtF29LjOBA9zZ+Jr2knP/fhomaj31UQ04z1DqMcx8WEK1RheUSTHFA8QpTexHSi/q x90SV0hBIDS0Quez9PlcHUZ7T0xrdccOeaGVySCDVWrSgZYxgign3REIez2ryEDFiDm/uIDrfSej CVNU/ABmZkg3l+cSEPY= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns4.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 265 octets ;; HEADER SECTION ;; id = 18317 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 781188762 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251203125241 20251103124741 62650 forms.gov. CJdVcgBNyezRtF29LjOBA9zZ+Jr2knP/fhomaj31UQ04z1DqMcx8WEK1RheUSTHFA8QpTexHSi/q x90SV0hBIDS0Quez9PlcHUZ7T0xrdccOeaGVySCDVWrSgZYxgign3REIez2ryEDFiDm/uIDrfSej CVNU/ABmZkg3l+cSEPY= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns2.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 265 octets ;; HEADER SECTION ;; id = 12470 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 781188762 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251203125241 20251103124741 62650 forms.gov. CJdVcgBNyezRtF29LjOBA9zZ+Jr2knP/fhomaj31UQ04z1DqMcx8WEK1RheUSTHFA8QpTexHSi/q x90SV0hBIDS0Quez9PlcHUZ7T0xrdccOeaGVySCDVWrSgZYxgign3REIez2ryEDFiDm/uIDrfSej CVNU/ABmZkg3l+cSEPY= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns5.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 265 octets ;; HEADER SECTION ;; id = 6365 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 781188762 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20251203125241 20251103124741 62650 forms.gov. CJdVcgBNyezRtF29LjOBA9zZ+Jr2knP/fhomaj31UQ04z1DqMcx8WEK1RheUSTHFA8QpTexHSi/q x90SV0hBIDS0Quez9PlcHUZ7T0xrdccOeaGVySCDVWrSgZYxgign3REIez2ryEDFiDm/uIDrfSej CVNU/ABmZkg3l+cSEPY= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 18798 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= )`
	RRSIG=62650 and DNSKEY=62650 verifies the A RRset

forms.gov

	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 11494 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns4.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 24788 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= )`
	RRSIG=62650 and DNSKEY=62650 verifies the A RRset

forms.gov

	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 21983 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns5.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 19598 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= )`
	RRSIG=62650 and DNSKEY=62650 verifies the A RRset

forms.gov

	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 33537 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 29490 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= )`
	RRSIG=62650 and DNSKEY=62650 verifies the A RRset

forms.gov

	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 52247 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns2.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 35897 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20251203125241 20251103124741 62650 forms.gov. b9qWd6SncoRzetnaTcQ2K2AJkWhBK6pv4z+WYmNstSrw4z/B5DC90WmG5K58+leRSBBOvCE9rXH+ IkJka1RaJVQDQw6S2xjRiO9C1qXqcHufUS94M90jeSD7ND4pRCr+tUd17JORU8srVUgAx9AuDkpe xYSEuiQASUZnwiV6QXQ= )`
	RRSIG=62650 and DNSKEY=62650 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test forms.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: