DNSSEC Debugger - forms.gov

Domain Name:

Time: 2025-07-06 23:27:21 UTC

Analyzing DNSSEC problems for forms.gov

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to f.root-servers.net for ./DNSKEY
	Received 1414 bytes from 192.5.5.241
	;; Response received from [192.5.5.241] 1414 octets ;; HEADER SECTION ;; id = 55680 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 5 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 65535, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (5 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148 . 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 4 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbauxLSFZ+KSWi2cT6TJbm3d+GIVqb2N1XnDjMsRme0b6JlGp/cvwmM5CaJ5LQ7tG1r7LuTH jYZadtbNk2nZmclq9r4KInS48ungoAZb0gJXVw8IvBTBb1YWQmiBqD285pJuORwTii7DF++nNJJk 3i55HJt9SmBI7m7t8nvx7OOY/w0inxg3fLH2uY0SKO8he4FGwMc4Ubiab8N8Yhyhh+FkKKdD/+oA cuGF75PjlSXO460B4MlNLlEcjDEzIsKauRYx4YVgSaNomGhMMFblmXRzgW+1R6ywvm5mC9+omlyy izZp2GJfPwGMezuKSGDndO6CYYEc5/lsRhvBYsGjdPM= ) ; keytag 46441`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20250722000000 20250701000000 20326 . UGhOn2e0xbV2um4IqDwLtkXZVqk32Dz6Orahd8l3n5pQxAPO+PzC96lwt3YdDLFpzmu1FqPWugCK eq5uju1L2DklkEX7hnvBKKzb/Q2dkEA1w85dQQH34II778mePR3fvIDckntFXGsT9a8tdN9tFaP+ qJiwgtNbiKej8YheeX/DAAmZPn0s6/Bg3cLuozR9FXAwkgrA3rjcRpN/jKhPSauHvsin7gCbcUjs jA+P3l9y4Izc5ibPfdUIxVaTUt+OofHUV9VaZoexMQKwggIE78BLAs7AsP7KwlXDB8++Cy6IXVcg +9Gzv3k/gJokM3UHOGa0UrSfCIAKlfMFYADJBA== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=53148 is now in the chain-of-trust
	DNSKEY=46441 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to c.root-servers.net for forms.gov/A
	Received 619 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 619 octets ;; HEADER SECTION ;; id = 58762 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250719170000 20250706160000 46441 . mjnN1zJunAuUCyBeR9uf2pVkHesgu7pxQvU5jSRrD92XVoBWtgo9hv6LnK/BEA880EbohUX+O9dd Nmm2FC8WJAtmOdQtZArLbscxUfY5AIE4t86/MPbZnUJsF2pna+2udGPCzBy2dUnIL662HDb/J9MK PiENOhPfK4rolXDQ372nqoCn8qzng4EI35tQ6CRnfUbnHW705rMVRy8K/yAwcA3i/bPidyXqG8L3 q6cR+/6G9UGuFYF0I+cWy97dR0gEaxromU39oNMHZ+oGLfYAJNRZyXzdvkMsh/PtLlIRpfEC7NWI /h3P1e4ywKHdE1Wj7YI2pHPtoiPCXxgjW1ft8g== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Query to i.root-servers.net for gov/DNSKEY
	Received 613 bytes from 192.36.148.17
	;; Response received from [192.36.148.17] 613 octets ;; HEADER SECTION ;; id = 16145 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 9 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) gov. 172800 IN NS d.ns.gov. gov. 172800 IN NS b.ns.gov. gov. 172800 IN NS a.ns.gov. gov. 172800 IN NS c.ns.gov. gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250719170000 20250706160000 46441 . mjnN1zJunAuUCyBeR9uf2pVkHesgu7pxQvU5jSRrD92XVoBWtgo9hv6LnK/BEA880EbohUX+O9dd Nmm2FC8WJAtmOdQtZArLbscxUfY5AIE4t86/MPbZnUJsF2pna+2udGPCzBy2dUnIL662HDb/J9MK PiENOhPfK4rolXDQ372nqoCn8qzng4EI35tQ6CRnfUbnHW705rMVRy8K/yAwcA3i/bPidyXqG8L3 q6cR+/6G9UGuFYF0I+cWy97dR0gEaxromU39oNMHZ+oGLfYAJNRZyXzdvkMsh/PtLlIRpfEC7NWI /h3P1e4ywKHdE1Wj7YI2pHPtoiPCXxgjW1ft8g== ) ;; ADDITIONAL SECTION (9 records) d.ns.gov. 172800 IN A 199.33.233.1 c.ns.gov. 172800 IN A 199.33.232.1 b.ns.gov. 172800 IN A 199.33.231.1 a.ns.gov. 172800 IN A 199.33.230.1 d.ns.gov. 172800 IN AAAA 2001:503:ff43::1 c.ns.gov. 172800 IN AAAA 2001:503:ff42::1 b.ns.gov. 172800 IN AAAA 2001:503:ff41::1 a.ns.gov. 172800 IN AAAA 2001:503:ff40::1 ;; { "EDNS-VERSION": 0 }
	Found child zone gov

gov

	Checking DS between . and gov
	Query to h.root-servers.net for gov/DS
	Received 367 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 367 octets ;; HEADER SECTION ;; id = 49211 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DS ;; ANSWER SECTION (2 records) gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 ) gov. 86400 IN RRSIG ( DS 8 1 86400 20250719170000 20250706160000 46441 . mjnN1zJunAuUCyBeR9uf2pVkHesgu7pxQvU5jSRrD92XVoBWtgo9hv6LnK/BEA880EbohUX+O9dd Nmm2FC8WJAtmOdQtZArLbscxUfY5AIE4t86/MPbZnUJsF2pna+2udGPCzBy2dUnIL662HDb/J9MK PiENOhPfK4rolXDQ372nqoCn8qzng4EI35tQ6CRnfUbnHW705rMVRy8K/yAwcA3i/bPidyXqG8L3 q6cR+/6G9UGuFYF0I+cWy97dR0gEaxromU39oNMHZ+oGLfYAJNRZyXzdvkMsh/PtLlIRpfEC7NWI /h3P1e4ywKHdE1Wj7YI2pHPtoiPCXxgjW1ft8g== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for gov in the . zone
	DS=2536/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`gov. 86400 IN RRSIG ( DS 8 1 86400 20250719170000 20250706160000 46441 . mjnN1zJunAuUCyBeR9uf2pVkHesgu7pxQvU5jSRrD92XVoBWtgo9hv6LnK/BEA880EbohUX+O9dd Nmm2FC8WJAtmOdQtZArLbscxUfY5AIE4t86/MPbZnUJsF2pna+2udGPCzBy2dUnIL662HDb/J9MK PiENOhPfK4rolXDQ372nqoCn8qzng4EI35tQ6CRnfUbnHW705rMVRy8K/yAwcA3i/bPidyXqG8L3 q6cR+/6G9UGuFYF0I+cWy97dR0gEaxromU39oNMHZ+oGLfYAJNRZyXzdvkMsh/PtLlIRpfEC7NWI /h3P1e4ywKHdE1Wj7YI2pHPtoiPCXxgjW1ft8g== )`
	RRSIG=46441 and DNSKEY=46441 verifies the DS RRset
	DS=2536/SHA-256 is now in the chain-of-trust
	`gov. 86400 IN DS ( 2536 13 2 0baf26b7bbf313a859046fd3b1ee49ddfba33934cfb3e717c21e2a2935c2f259 )`
	Query to d.ns.gov for gov/DNSKEY
	Received 291 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 291 octets ;; HEADER SECTION ;; id = 57711 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; gov. IN DNSKEY ;; ANSWER SECTION (3 records) gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536 gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496 gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for gov
	`gov. 3600 IN DNSKEY ( 257 3 13 D6ZhJTObQw3+kcewWf5iTHbzD3uTdbs5xf0kQfP/VXZcDovWJd0DUgHlp2VC002aLDCwhLoPPVN2 VfyoPnjCqg== ) ; keytag 2536`
	`gov. 3600 IN DNSKEY ( 256 3 13 Of5kU9k4XfdcPwCK9k/zRJNu+Xspnw/BDd+1V6ZpDXRIpHe35BnHTZUBJN9gd6++HkiGXx2YnTji iO7/q+Yamg== ) ; keytag 35496`
	DNSKEY=2536/SEP is now in the chain-of-trust
	DS=2536/SHA-256 verifies DNSKEY=2536/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`gov. 3600 IN RRSIG ( DNSKEY 13 1 3600 20250821110604 20250621110604 2536 gov. n6svyrR3H3gY3Fie3fgekD6gXenvEpExK1GXpXb0NxWZW3AHyD02jwlrZecgESKHXU9ydtsw6ibM Y9FOlT+89A== )`
	RRSIG=2536 and DNSKEY=2536/SEP verifies the DNSKEY RRset
	DNSKEY=35496 is now in the chain-of-trust
	Query to c.ns.gov for forms.gov/A
	Received 515 bytes from 199.33.232.1
	;; Response received from [199.33.232.1] 515 octets ;; HEADER SECTION ;; id = 49726 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250708002721 20250705222721 35496 gov. IdPHIYKLqnjvPPIz9CTGCwkDqTkWXo68ycL6kABIDmQWGOW2BX+eVQLOj7RAt27rRADeyL0haHDR fe+lnVe7lw== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Query to d.ns.gov for forms.gov/DNSKEY
	Received 515 bytes from 199.33.233.1
	;; Response received from [199.33.233.1] 515 octets ;; HEADER SECTION ;; id = 59083 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 9 arcount = 8 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (9 records) forms.gov. 10800 IN NS dns.gsa.gov. forms.gov. 10800 IN NS dns2.gsa.gov. forms.gov. 10800 IN NS dns3.gsa.gov. forms.gov. 10800 IN NS dns4.gsa.gov. forms.gov. 10800 IN NS dns5.gsa.gov. forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250708002721 20250705222721 35496 gov. EQLi4hqRhw0a9CeQcU2fpt0Abdhr7jq2yjzAUdj/QZ/1ivjdNgxmnIiv68uqYOp36THhWwWpqYX2 i6Hlg01/HA== ) ;; ADDITIONAL SECTION (8 records) dns.gsa.gov. 3600 IN A 13.248.142.184 dns.gsa.gov. 3600 IN AAAA 2600:1f16:8f2:d500::4 dns2.gsa.gov. 3600 IN A 76.223.24.135 dns3.gsa.gov. 3600 IN A 13.248.144.182 dns4.gsa.gov. 3600 IN A 13.248.149.147 dns4.gsa.gov. 3600 IN AAAA 2600:1f14:653:bb00:b24e:739c:b87d:8fee dns5.gsa.gov. 3600 IN A 76.223.9.162 ;; { "EDNS-VERSION": 0 }
	Found child zone forms.gov

forms.gov

	Checking DS between gov and forms.gov
	Query to a.ns.gov for forms.gov/DS
	Received 281 bytes from 199.33.230.1
	;; Response received from [199.33.230.1] 281 octets ;; HEADER SECTION ;; id = 6248 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DS ;; ANSWER SECTION (4 records) forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 ) forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 ) forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b ) forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250708002721 20250705222721 35496 gov. KfNEbRrGKpnZBE626RzWG5gfZU6MGdujJCcyD9MlU07qCwjvbyw+LLNgiPd0899GX9vlwwUUdj7D PzTxxHPdXw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DS records for forms.gov in the gov zone
	DS=11755/SHA-256 has algorithm RSASHA256
	DS=40910/SHA-256 has algorithm RSASHA256
	DS=52030/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`forms.gov. 3600 IN RRSIG ( DS 13 2 3600 20250708002721 20250705222721 35496 gov. KfNEbRrGKpnZBE626RzWG5gfZU6MGdujJCcyD9MlU07qCwjvbyw+LLNgiPd0899GX9vlwwUUdj7D PzTxxHPdXw== )`
	RRSIG=35496 and DNSKEY=35496 verifies the DS RRset
	DS=11755/SHA-256 is now in the chain-of-trust
	DS=40910/SHA-256 is now in the chain-of-trust
	DS=52030/SHA-256 is now in the chain-of-trust
	`forms.gov. 3600 IN DS ( 11755 8 2 63a4cbd1a0b4f1674ec6b743cf25d26e90976d962dfdd251cac427c02eb70586 )`
	`forms.gov. 3600 IN DS ( 40910 8 2 b6101c34ea6ebe59a45fb64c9e038aff3337e64369dd2e16e2831a9eba72a4c6 )`
	`forms.gov. 3600 IN DS ( 52030 8 2 be4bb8903e80b86ffc0433118ebe06300921d03d064167a9dad9fb9853b80b0b )`
	Query to dns3.gsa.gov for forms.gov/DNSKEY
	Received 672 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 672 octets ;; HEADER SECTION ;; id = 8608 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN DNSKEY ;; ANSWER SECTION (4 records) forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAZeBeXkwWJQ0CFY/cQ+2RaTOQ4CZzux0EA9V2J57p+L1Wa4tHNRPtGzs2olzScLvlyGxi4bH ssKgpPiUVR9D25/GC6ToKc6WFfTpNzdhhLdyt1cxycKEgS62q7R6W1bHmfZPZGa3Kmwx+lBLlFN9 Hu5aA0XbHd54A0/p78h4H5CP ) ; keytag 23659 forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910 forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250718200808 20250618200308 23659 forms.gov. TILn6GgPgirQKehNOksYT4WlOYDjkAOT10EFTJgnEnUWK5KDFTjmvAzoxldN5ETgAHQ/Rd21dpze OMZJr6hd72Md5+pg5Zpj54eK4j8ggKgEa1hNSB15p13ZJEXmfiBdNO2NDNWhCqVzuqaAULDiT+AR YPA8mbkxmSukSNllgFw= ) forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250718200808 20250618200308 40910 forms.gov. a3iZTQjRaMoDBrmI3m1qDJ3gazJWJGAhwE782AmP7YXMbQwtKU8aXuSQjOuwaLEaJfwDPNEKNp9E YueklhKoWUv+C198IA4dUNqd4MdL9jtXN6EO6Sk4HJlTUOSx5sxZNvO2AppT8NzGmVJVBCNbsRAq 1NEremx4X3dT+/RE9zg= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for forms.gov
	`forms.gov. 10800 IN DNSKEY ( 256 3 8 AwEAAZeBeXkwWJQ0CFY/cQ+2RaTOQ4CZzux0EA9V2J57p+L1Wa4tHNRPtGzs2olzScLvlyGxi4bH ssKgpPiUVR9D25/GC6ToKc6WFfTpNzdhhLdyt1cxycKEgS62q7R6W1bHmfZPZGa3Kmwx+lBLlFN9 Hu5aA0XbHd54A0/p78h4H5CP ) ; keytag 23659`
	`forms.gov. 10800 IN DNSKEY ( 257 3 8 AwEAAd60Yhz/uI0WP9hSqTs30smJHPwFKlXNKqixui7fWik9DHTM1jH5Wt6nA99JS5nT2n4d6vKt PKGumV0P3mYnUCbcSAXr4FjjudotvTDpJzYygXAvhn9MQdxmbIUxXsHNzFKVUCKlS2xOwJVTAJmu YwIWciy6y+9JaZlELwukH65D ) ; keytag 40910`
	DNSKEY=40910/SEP is now in the chain-of-trust
	DS=40910/SHA-256 verifies DNSKEY=40910/SEP
	DS=11755/SHA-256 is published, but a corresponding DNSKEY is not
	DS=52030/SHA-256 is published, but a corresponding DNSKEY is not
	Found 2 RRSIGs over DNSKEY RRset
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250718200808 20250618200308 23659 forms.gov. TILn6GgPgirQKehNOksYT4WlOYDjkAOT10EFTJgnEnUWK5KDFTjmvAzoxldN5ETgAHQ/Rd21dpze OMZJr6hd72Md5+pg5Zpj54eK4j8ggKgEa1hNSB15p13ZJEXmfiBdNO2NDNWhCqVzuqaAULDiT+AR YPA8mbkxmSukSNllgFw= )`
	`forms.gov. 10800 IN RRSIG ( DNSKEY 8 2 10800 20250718200808 20250618200308 40910 forms.gov. a3iZTQjRaMoDBrmI3m1qDJ3gazJWJGAhwE782AmP7YXMbQwtKU8aXuSQjOuwaLEaJfwDPNEKNp9E YueklhKoWUv+C198IA4dUNqd4MdL9jtXN6EO6Sk4HJlTUOSx5sxZNvO2AppT8NzGmVJVBCNbsRAq 1NEremx4X3dT+/RE9zg= )`
	RRSIG=23659 and DNSKEY=23659 verifies the DNSKEY RRset
	RRSIG=40910 and DNSKEY=40910/SEP verifies the DNSKEY RRset
	DNSKEY=23659 is now in the chain-of-trust
	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 48913 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns4.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 265 octets ;; HEADER SECTION ;; id = 18112 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 769291689 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250718200808 20250618200308 23659 forms.gov. QNIPH/VcB8toiPDmW7pLr8Ozyj23piSfet614UQhQm1LGiYFsn1EV4MiVw9+L7vF8S3jgsuyKtf4 j57way9Sn/udzlJC+NzVh9XA+Grih8Uysi+dNKp+sm8e+bjYuuEt1wT6hIBmiGQm0YcUns7mH+Nb jYNgdULdTsczKmOI7Fo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns2.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 265 octets ;; HEADER SECTION ;; id = 9578 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 769291689 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250718200808 20250618200308 23659 forms.gov. QNIPH/VcB8toiPDmW7pLr8Ozyj23piSfet614UQhQm1LGiYFsn1EV4MiVw9+L7vF8S3jgsuyKtf4 j57way9Sn/udzlJC+NzVh9XA+Grih8Uysi+dNKp+sm8e+bjYuuEt1wT6hIBmiGQm0YcUns7mH+Nb jYNgdULdTsczKmOI7Fo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns3.gsa.gov for forms.gov/SOA
	Received 265 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 265 octets ;; HEADER SECTION ;; id = 63155 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 769291689 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250718200808 20250618200308 23659 forms.gov. QNIPH/VcB8toiPDmW7pLr8Ozyj23piSfet614UQhQm1LGiYFsn1EV4MiVw9+L7vF8S3jgsuyKtf4 j57way9Sn/udzlJC+NzVh9XA+Grih8Uysi+dNKp+sm8e+bjYuuEt1wT6hIBmiGQm0YcUns7mH+Nb jYNgdULdTsczKmOI7Fo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns5.gsa.gov for forms.gov/SOA
	Received 265 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 265 octets ;; HEADER SECTION ;; id = 25259 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN SOA ;; ANSWER SECTION (2 records) forms.gov. 10800 IN SOA ( dns.gsa.gov. hostmaster.gsa.gov. 769291689 ;serial 3600 ;refresh 180 ;retry 1209600 ;expire 3600 ;minimum ) forms.gov. 10800 IN RRSIG ( SOA 8 2 10800 20250718200808 20250618200308 23659 forms.gov. QNIPH/VcB8toiPDmW7pLr8Ozyj23piSfet614UQhQm1LGiYFsn1EV4MiVw9+L7vF8S3jgsuyKtf4 j57way9Sn/udzlJC+NzVh9XA+Grih8Uysi+dNKp+sm8e+bjYuuEt1wT6hIBmiGQm0YcUns7mH+Nb jYNgdULdTsczKmOI7Fo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to dns.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.142.184
	;; Response received from [13.248.142.184] 223 octets ;; HEADER SECTION ;; id = 61306 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= )`
	RRSIG=23659 and DNSKEY=23659 verifies the A RRset

forms.gov

	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 15947 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns5.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns5.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.9.162
	;; Response received from [76.223.9.162] 223 octets ;; HEADER SECTION ;; id = 42696 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= )`
	RRSIG=23659 and DNSKEY=23659 verifies the A RRset

forms.gov

	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 58458 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns3.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns3.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.144.182
	;; Response received from [13.248.144.182] 223 octets ;; HEADER SECTION ;; id = 11537 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= )`
	RRSIG=23659 and DNSKEY=23659 verifies the A RRset

forms.gov

	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 25156 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns2.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns2.gsa.gov for forms.gov/A
	Received 223 bytes from 76.223.24.135
	;; Response received from [76.223.24.135] 223 octets ;; HEADER SECTION ;; id = 10569 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= )`
	RRSIG=23659 and DNSKEY=23659 verifies the A RRset

forms.gov

	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 9023 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	dns4.gsa.gov is authoritative for forms.gov
	Found RRSIG signed by forms.gov zone
	Query to dns4.gsa.gov for forms.gov/A
	Received 223 bytes from 13.248.149.147
	;; Response received from [13.248.149.147] 223 octets ;; HEADER SECTION ;; id = 25599 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; forms.gov. IN A ;; ANSWER SECTION (2 records) forms.gov. 300 IN A 23.22.13.113 forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	forms.gov A RR has value 23.22.13.113
	Found 1 RRSIGs over A RRset
	`forms.gov. 300 IN RRSIG ( A 8 2 300 20250718200808 20250618200308 23659 forms.gov. TEEsuQtXiVT1qytqE0IDPCtnUCOJad4ITElIP5zqnPhK2Y1hGW6Q/+yE5yKxBWNR5XrPSic9zvLa BIUmkMh6F0gV2eVCjOLzxzBj4KjgZis0nN0cTb1U2egIH/W9OiNM3zp+VDeQ3rjQxMw0C7JETxGK HMJ+aeq5cItm0Px78F4= )`
	RRSIG=23659 and DNSKEY=23659 verifies the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test forms.gov at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: