DNSSEC Debugger - forms.gov

Domain Name:

Time: 2025-05-21 15:35:22 UTC

Analyzing DNSSEC problems for forms.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to d.root-servers.net for ./DNSKEY
	Received 1139 bytes from 199.7.91.13
	;; Response received from [199.7.91.13] 1139 octets ;; HEADER SECTION ;; id = 39717 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1450, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20250611000000 20250521000000 20326 . ki8fK9M8rb/I+LSCC+6ZKil/CLh4jxV//8F/PDAFtzupjzeyCotFHL+Tm6kwL2wEOrZaz0a6rEba ZFhLGP+Z1XV0WJb45V0ajLFhU+IV4VCDVbzlXKQ3isrKymu8U7zrj3d/NoPbZAbxGkMfI56xv6Ev FvRYa9bjnIm0Id94ONqFclrlQTNEL25Nq+tDOH/Ro709M4j0NOcW5Ui6gIlILfsvEma+g+rHVMeJ N7Yu5FpOzaCvajJKdDGf4O3e1BI4UGrvxsLaZZGSUkeUifobG6FrTpewm9vDkU0kHfGKPqZurEuk mXcfCb/jevjBQhGG8HwoAQy4nS6IjWGfCjK3CQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20250611000000 20250521000000 20326 . ki8fK9M8rb/I+LSCC+6ZKil/CLh4jxV//8F/PDAFtzupjzeyCotFHL+Tm6kwL2wEOrZaz0a6rEba ZFhLGP+Z1XV0WJb45V0ajLFhU+IV4VCDVbzlXKQ3isrKymu8U7zrj3d/NoPbZAbxGkMfI56xv6Ev FvRYa9bjnIm0Id94ONqFclrlQTNEL25Nq+tDOH/Ro709M4j0NOcW5Ui6gIlILfsvEma+g+rHVMeJ N7Yu5FpOzaCvajJKdDGf4O3e1BI4UGrvxsLaZZGSUkeUifobG6FrTpewm9vDkU0kHfGKPqZurEuk mXcfCb/jevjBQhGG8HwoAQy4nS6IjWGfCjK3CQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=38696/SEP is now in the chain-of-trust
	DNSKEY=53148 is now in the chain-of-trust
	Query to c.root-servers.net for forms.gov/A
	Received 619 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 619 octets ;; HEADER SECTION ;; id = 50302 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250603050000 20250521040000 53148 . SIh4WXCX5cSaa/Bz5iyvplBINW43+Ysp1Z63yO6XpTAGLQ8Xyaz7QkMW1h6tW6KUiRni64KAZoSu iwwI6ZIl2ooeAGcsiJ18Ls89CqiuuKRwWSPlSWRdlYKSfFNqOiGa7lkvWT76Ng5Ba1f+TUgUWfld yFBEdoLJhjtvF65guyUIPJTTYIaCq4yvpGzCvuj7z0Pa5gc2/Y0lnEwmInNH5tAgcAr+OWbqytUf 72558CSXvYu3V3Q46PNLi0VuFR5Wft6gDkULCRNX0w+ZLalQblXUoLODNJ7VYCW9CVVtJpaftN7w 6xo0jh9ySRWNve7wJAyrYrJRsEzK3npZTnv9MA== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Query to m.root-servers.net for gov/DNSKEY
	Received 613 bytes from 202.12.27.33
	;; Response received from [202.12.27.33] 613 octets ;; HEADER SECTION ;; id = 54601 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250603050000 20250521040000 53148 . SIh4WXCX5cSaa/Bz5iyvplBINW43+Ysp1Z63yO6XpTAGLQ8Xyaz7QkMW1h6tW6KUiRni64KAZoSu iwwI6ZIl2ooeAGcsiJ18Ls89CqiuuKRwWSPlSWRdlYKSfFNqOiGa7lkvWT76Ng5Ba1f+TUgUWfld yFBEdoLJhjtvF65guyUIPJTTYIaCq4yvpGzCvuj7z0Pa5gc2/Y0lnEwmInNH5tAgcAr+OWbqytUf 72558CSXvYu3V3Q46PNLi0VuFR5Wft6gDkULCRNX0w+ZLalQblXUoLODNJ7VYCW9CVVtJpaftN7w 6xo0jh9ySRWNve7wJAyrYrJRsEzK3npZTnv9MA== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to c.root-servers.net for gov/DS
	Received 367 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 367 octets ;; HEADER SECTION ;; id = 38849 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250603050000 20250521040000 53148 . SIh4WXCX5cSaa/Bz5iyvplBINW43+Ysp1Z63yO6XpTAGLQ8Xyaz7QkMW1h6tW6KUiRni64KAZoSu iwwI6ZIl2ooeAGcsiJ18Ls89CqiuuKRwWSPlSWRdlYKSfFNqOiGa7lkvWT76Ng5Ba1f+TUgUWfld yFBEdoLJhjtvF65guyUIPJTTYIaCq4yvpGzCvuj7z0Pa5gc2/Y0lnEwmInNH5tAgcAr+OWbqytUf 72558CSXvYu3V3Q46PNLi0VuFR5Wft6gDkULCRNX0w+ZLalQblXUoLODNJ7VYCW9CVVtJpaftN7w 6xo0jh9ySRWNve7wJAyrYrJRsEzK3npZTnv9MA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20250603050000 20250521040000 53148 . SIh4WXCX5cSaa/Bz5iyvplBINW43+Ysp1Z63yO6XpTAGLQ8Xyaz7QkMW1h6tW6KUiRni64KAZoSu iwwI6ZIl2ooeAGcsiJ18Ls89CqiuuKRwWSPlSWRdlYKSfFNqOiGa7lkvWT76Ng5Ba1f+TUgUWfld yFBEdoLJhjtvF65guyUIPJTTYIaCq4yvpGzCvuj7z0Pa5gc2/Y0lnEwmInNH5tAgcAr+OWbqytUf 72558CSXvYu3V3Q46PNLi0VuFR5Wft6gDkULCRNX0w+ZLalQblXUoLODNJ7VYCW9CVVtJpaftN7w 6xo0jh9ySRWNve7wJAyrYrJRsEzK3npZTnv9MA== )`
	RRSIG=53148 and DNSKEY=53148 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to c.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 291 octets ;; HEADER SECTION ;; id = 36427 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250704110557 20250504110557 2536 gov. tAeRYp56dPYu79FfML7RVcEKV8saNzG7X9/H2Krxd6fbG/aG0lMmwKQbHE4g3q3S7bIopKhjIVcm rIYydkI0uQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250704110557 20250504110557 2536 gov. tAeRYp56dPYu79FfML7RVcEKV8saNzG7X9/H2Krxd6fbG/aG0lMmwKQbHE4g3q3S7bIopKhjIVcm rIYydkI0uQ== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to b.ns.gov for forms.gov/A
	Received 467 bytes from 199.33.231.1
	;; Response received from [199.33.231.1] 467 octets ;; HEADER SECTION ;; id = 1724 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250522163522 20250520143522 35496 gov. ZmHW5660zCFwvdL+ANk1rbha6NxiUihwZjKcCJm4m3hvr5IZnaRPBjleo30zTlui0mPUZZWNiI+P czycoIAHGA== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Query to d.ns.gov for forms.gov/DNSKEY
	Received 467 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 467 octets ;; HEADER SECTION ;; id = 23102 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 8 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (8 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250522163522 20250520143522 35496 gov. BXxMWXjIkXNxggyTrcGuK62Qe51aoHK+ApKQW6F3Doc27WqCU2IEA7N62WRpBhi6jhrhrfVKV/3B 6dO9P4nAPQ== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Found child zone forms.gov

forms.gov

	Checking DS between gov and forms.gov
	Query to d.ns.gov for forms.gov/DS
	Received 233 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 233 octets ;; HEADER SECTION ;; id = 42898 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DS ;; ANSWER SECTION (3 records) forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250522163522 20250520143522 35496 gov. eGuoqfyYyvqzbRCmRPhhM1ECgMGvqyqBSaBucchTMKcf5bu3qZIaiFDF7pl+hIlSzMmeU/xrO/qO 9ht0aAH4Gw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DS records for forms.gov in the gov zone
	DS=11755/SHA-256 has algorithm RSASHA256
	DS=52030/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250522163522 20250520143522 35496 gov. eGuoqfyYyvqzbRCmRPhhM1ECgMGvqyqBSaBucchTMKcf5bu3qZIaiFDF7pl+hIlSzMmeU/xrO/qO 9ht0aAH4Gw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=11755/SHA-256 is now in the chain-of-trust
	DS=52030/SHA-256 is now in the chain-of-trust
	`forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 )`
	`forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b )`
	Query to dns2.gsa.gov for forms.gov/DNSKEY
	Received 1137 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 1137 octets ;; HEADER SECTION ;; id = 64866 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 7 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (7 records) forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAbDaaFs20EYU4TlKVszR5J1xX6r32kI4iwTVQQgkwjx0qsgpuq2aJNnNGUgXk5k/Rxfr8Ajq TfoqItlquFykiNlTyY1BiykrtrgYGZEoJtEtao0hn1JvrmMZAb0ryRMzi3g3n4PKeHowxQW0i4nq HVGO5HryiCzoy68ya8WZ7boz ) ; keytag 26800 forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAbKmdvBgH1ysK9JpKcJgowJUNoCEpvFtaLI5Lph9QxMiyJCrXJ1RQVnrt6qRL6FlIHDnxqog kUHlGdj7uO53YppJC1MT5T5+/N9OIv09o1ujrSChlcc7leO432k2ksEhRJyTLAViRLVTZLorcirU HI83UmtLBjhDu0fubUmnGOxV ) ; keytag 52030 forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAbQPNfB19mevOXtyCIoAvHT2wO92yyENX/t76kbh9NKrJiMrDncMUDGgYcNLHTxxJqpGB3sp HjTXZbN7XIwDCVD9AQa2gMJQTMmsQ4PXpABtVwLaBj4h40IKPQvSMCsrbiCj0L0hjebTb+aGArIr PK6C/N8sMuoAAXSxASF7Rppv ) ; keytag 10143 forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910 forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250618025606 20250519025106 10143 forms.gov. O6vu5lmeIfw+KVF301lQbQqhRv9SmrJYPC0BspqIJrcBP1vqHXeK371toVKgcN3AxxwyyC4r9zoT DKTqwL1kVcTDHRMPBJ9U1LyVurkkqBHHDeHI115fe+Kj44MiEspNQ4MkJX0ZkbMR7nLmGO6absT7 k1GH5mQzCdAxMqX/8tE= ) forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250618025606 20250519025106 26800 forms.gov. Oorh4ddS21zgxgOeH0hqDi6HkszuWoYlRsk3HCIAoMYU9VqCi2qVushyPDLSayYpXjzXVCbjPwxv Pc314gIsCza+Wxc9EbjFSdcUjhvdZVAZCj7xSfc54zPudv5iAMWIOWnBEuiWKa8mro9amoHOYagW pdQzdoK22SdJ4nco3rM= ) forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250618025606 20250519025106 52030 forms.gov. TESj55oV8HStVUpZdYBWmR3wQOsNTNty7Aps+mX3IkNdWK3HeeShg7RYpu05UbwT6+nn3wab74Jp XIqTjiAt33gBZW3UBvDj6kN3ptRmJZsqpW1T+Zy+j2Xs0NDSXKYigz7RYFfvE4cz5cywd40EzkDs lk8EZEIwf6TtGirAoyQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for forms.gov
	`forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAbDaaFs20EYU4TlKVszR5J1xX6r32kI4iwTVQQgkwjx0qsgpuq2aJNnNGUgXk5k/Rxfr8Ajq TfoqItlquFykiNlTyY1BiykrtrgYGZEoJtEtao0hn1JvrmMZAb0ryRMzi3g3n4PKeHowxQW0i4nq HVGO5HryiCzoy68ya8WZ7boz ) ; keytag 26800`
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAbKmdvBgH1ysK9JpKcJgowJUNoCEpvFtaLI5Lph9QxMiyJCrXJ1RQVnrt6qRL6FlIHDnxqog kUHlGdj7uO53YppJC1MT5T5+/N9OIv09o1ujrSChlcc7leO432k2ksEhRJyTLAViRLVTZLorcirU HI83UmtLBjhDu0fubUmnGOxV ) ; keytag 52030`
	`forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAbQPNfB19mevOXtyCIoAvHT2wO92yyENX/t76kbh9NKrJiMrDncMUDGgYcNLHTxxJqpGB3sp HjTXZbN7XIwDCVD9AQa2gMJQTMmsQ4PXpABtVwLaBj4h40IKPQvSMCsrbiCj0L0hjebTb+aGArIr PK6C/N8sMuoAAXSxASF7Rppv ) ; keytag 10143`
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910`
	DNSKEY=52030/SEP is now in the chain-of-trust
	DS=52030/SHA-256 verifies DNSKEY=52030/SEP
	DS=11755/SHA-256 is published, but a corresponding DNSKEY is not
	Found 3 RRSIGs over DNSKEY RRset
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250618025606 20250519025106 10143 forms.gov. O6vu5lmeIfw+KVF301lQbQqhRv9SmrJYPC0BspqIJrcBP1vqHXeK371toVKgcN3AxxwyyC4r9zoT DKTqwL1kVcTDHRMPBJ9U1LyVurkkqBHHDeHI115fe+Kj44MiEspNQ4MkJX0ZkbMR7nLmGO6absT7 k1GH5mQzCdAxMqX/8tE= )`
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250618025606 20250519025106 26800 forms.gov. Oorh4ddS21zgxgOeH0hqDi6HkszuWoYlRsk3HCIAoMYU9VqCi2qVushyPDLSayYpXjzXVCbjPwxv Pc314gIsCza+Wxc9EbjFSdcUjhvdZVAZCj7xSfc54zPudv5iAMWIOWnBEuiWKa8mro9amoHOYagW pdQzdoK22SdJ4nco3rM= )`
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250618025606 20250519025106 52030 forms.gov. TESj55oV8HStVUpZdYBWmR3wQOsNTNty7Aps+mX3IkNdWK3HeeShg7RYpu05UbwT6+nn3wab74Jp XIqTjiAt33gBZW3UBvDj6kN3ptRmJZsqpW1T+Zy+j2Xs0NDSXKYigz7RYFfvE4cz5cywd40EzkDs lk8EZEIwf6TtGirAoyQ= )`
	RRSIG=10143 and DNSKEY=10143 verifies the DNSKEY RRset
	RRSIG=26800 and DNSKEY=26800 verifies the DNSKEY RRset
	RRSIG=52030 and DNSKEY=52030/SEP verifies the DNSKEY RRset
	DNSKEY=26800 is now in the chain-of-trust
	DNSKEY=10143 is now in the chain-of-trust
	DNSKEY=40910/SEP is now in the chain-of-trust
	Query to dns5.gsa.gov for forms.gov/A
	Received 392 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 392 octets ;; HEADER SECTION ;; id = 46926 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns5.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns4.gsa.gov for forms.gov/SOA
	Received 434 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 434 octets ;; HEADER SECTION ;; id = 55040 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (3 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 766637767 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 10143 forms.gov. JN2ZYRA1TGD2Vp7VgrygZOsHLvIN2kw3DyKAzN+AyF+v1EgGSqeOgOraYyruYp5qO85ZRq/Hm6AQ wX7z7W0YrCj+Okq3cc1vcoAdOJIjvKXjgGqXaCl+76JIuZ9XB5g6GjI4qArro7Wq4TwI/Vo5CSaQ Jv+lQthQQjv4HysogF0= ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 26800 forms.gov. Wbw5pUzHczQQ51nD6ZKoKSFLkfuECJWr1yHin3WN3Ag8VFooeycp6Vn12xDuqRGXRmqQIlogK1R6 BnIO2spDB/E44veMJioAVV5HxExp5YNnPC4LpHhuFoc1Boe3lfHZFg7teijWw5Mf8KtJH5OcFUz+ k+1MNjfr1asfTl3tiDE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns3.gsa.gov for forms.gov/SOA
	Received 434 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 434 octets ;; HEADER SECTION ;; id = 27264 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (3 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 766637767 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 10143 forms.gov. JN2ZYRA1TGD2Vp7VgrygZOsHLvIN2kw3DyKAzN+AyF+v1EgGSqeOgOraYyruYp5qO85ZRq/Hm6AQ wX7z7W0YrCj+Okq3cc1vcoAdOJIjvKXjgGqXaCl+76JIuZ9XB5g6GjI4qArro7Wq4TwI/Vo5CSaQ Jv+lQthQQjv4HysogF0= ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 26800 forms.gov. Wbw5pUzHczQQ51nD6ZKoKSFLkfuECJWr1yHin3WN3Ag8VFooeycp6Vn12xDuqRGXRmqQIlogK1R6 BnIO2spDB/E44veMJioAVV5HxExp5YNnPC4LpHhuFoc1Boe3lfHZFg7teijWw5Mf8KtJH5OcFUz+ k+1MNjfr1asfTl3tiDE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns2.gsa.gov for forms.gov/SOA
	Received 434 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 434 octets ;; HEADER SECTION ;; id = 38171 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (3 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 766637767 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 10143 forms.gov. JN2ZYRA1TGD2Vp7VgrygZOsHLvIN2kw3DyKAzN+AyF+v1EgGSqeOgOraYyruYp5qO85ZRq/Hm6AQ wX7z7W0YrCj+Okq3cc1vcoAdOJIjvKXjgGqXaCl+76JIuZ9XB5g6GjI4qArro7Wq4TwI/Vo5CSaQ Jv+lQthQQjv4HysogF0= ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 26800 forms.gov. Wbw5pUzHczQQ51nD6ZKoKSFLkfuECJWr1yHin3WN3Ag8VFooeycp6Vn12xDuqRGXRmqQIlogK1R6 BnIO2spDB/E44veMJioAVV5HxExp5YNnPC4LpHhuFoc1Boe3lfHZFg7teijWw5Mf8KtJH5OcFUz+ k+1MNjfr1asfTl3tiDE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns.gsa.gov for forms.gov/SOA
	Received 434 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 434 octets ;; HEADER SECTION ;; id = 1886 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (3 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 766637767 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 10143 forms.gov. JN2ZYRA1TGD2Vp7VgrygZOsHLvIN2kw3DyKAzN+AyF+v1EgGSqeOgOraYyruYp5qO85ZRq/Hm6AQ wX7z7W0YrCj+Okq3cc1vcoAdOJIjvKXjgGqXaCl+76JIuZ9XB5g6GjI4qArro7Wq4TwI/Vo5CSaQ Jv+lQthQQjv4HysogF0= ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250618025606 20250519025106 26800 forms.gov. Wbw5pUzHczQQ51nD6ZKoKSFLkfuECJWr1yHin3WN3Ag8VFooeycp6Vn12xDuqRGXRmqQIlogK1R6 BnIO2spDB/E44veMJioAVV5HxExp5YNnPC4LpHhuFoc1Boe3lfHZFg7teijWw5Mf8KtJH5OcFUz+ k+1MNjfr1asfTl3tiDE= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns5.gsa.gov for forms.gov/A
	Received 392 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 392 octets ;; HEADER SECTION ;; id = 21887 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 2 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= )`
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= )`
	RRSIG=10143 and DNSKEY=10143 verifies the A RRset
	RRSIG=26800 and DNSKEY=26800 verifies the A RRset

forms.gov

	Query to dns.gsa.gov for forms.gov/A
	Received 392 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 392 octets ;; HEADER SECTION ;; id = 42152 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns.gsa.gov for forms.gov/A
	Received 392 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 392 octets ;; HEADER SECTION ;; id = 58020 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 2 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= )`
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= )`
	RRSIG=10143 and DNSKEY=10143 verifies the A RRset
	RRSIG=26800 and DNSKEY=26800 verifies the A RRset

forms.gov

	Query to dns3.gsa.gov for forms.gov/A
	Received 392 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 392 octets ;; HEADER SECTION ;; id = 1915 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns3.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns3.gsa.gov for forms.gov/A
	Received 392 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 392 octets ;; HEADER SECTION ;; id = 56827 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 2 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= )`
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= )`
	RRSIG=10143 and DNSKEY=10143 verifies the A RRset
	RRSIG=26800 and DNSKEY=26800 verifies the A RRset

forms.gov

	Query to dns2.gsa.gov for forms.gov/A
	Received 392 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 392 octets ;; HEADER SECTION ;; id = 14374 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns2.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns2.gsa.gov for forms.gov/A
	Received 392 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 392 octets ;; HEADER SECTION ;; id = 5537 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 2 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= )`
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= )`
	RRSIG=10143 and DNSKEY=10143 verifies the A RRset
	RRSIG=26800 and DNSKEY=26800 verifies the A RRset

forms.gov

	Query to dns4.gsa.gov for forms.gov/A
	Received 392 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 392 octets ;; HEADER SECTION ;; id = 21041 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns4.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns4.gsa.gov for forms.gov/A
	Received 392 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 392 octets ;; HEADER SECTION ;; id = 48282 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (3 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= ) forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 2 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 10143 forms.gov. hWVCNd9xjaCL1NtkGpf7UV1/tcUdhF9X0JGFq8fPAR72TzHwNP5zp60Y3+BqZ4yDrntk8WWBABIq rcYw21nDow3o3v0tgmsxi50wtcTu+QR/kuXI39nu0AJEmGKBURMBK/hYKfUZhGesMcpYTY0Bik11 VqJdj8fo403Iz4+eAuM= )`
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250618025606 20250519025106 26800 forms.gov. IBWFnl/dR619pHgfa1qWFXvAjSzFfebq3PAk+EIJm9vxeYxm1cIp3A0eRAv9c/uhuXd77m9enPrl bHU/M0fw/tNqgipi6GOfha5tnMyB/PVSMNRn6OX4tgKvuYJi3k7DQhHdoZK5mgqYX3nEp/m5UgKI XXa3EU6Cyon5oOqei4E= )`
	RRSIG=10143 and DNSKEY=10143 verifies the A RRset
	RRSIG=26800 and DNSKEY=26800 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test forms.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: